CVE-2025-8432

CentreonBI user account on the MBI server can execute commands as root by modifying script runned by the CRON

Description

Incorrect Default Permissions vulnerability in Centreon Infra Monitoring (MBI modules) allows Embedding Scripts within Scripts by CentreonBI user account on the MBI server This issue affects Infra Monitoring: from 24.10.0 before 24.10.6, from 24.04.0 before 24.04.9, from 23.10.0 before 23.10.15.

INFO

Published Date :

2025-10-27T10:08:33.662Z

Last Modified :

2025-10-30T13:51:12.045Z

Source :

Centreon

AFFECTED PRODUCTS

The following products are affected by CVE-2025-8432 vulnerability.

Vendors	Products
Centreon	Centreon

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-8432.

URL	Resource
https://github.com/centreon/centreon/releases
https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-8432-centreon-mbi-high-severity-5180

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact