Platform
other
Component
centreon-awie
Fixed in
25.10.2
24.10.3
24.04.3
CVE-2025-15026 describes a critical vulnerability within the Awie import module of Centreon Infra Monitoring. This flaw allows attackers to bypass access control lists (ACLs) and access functionality without proper authentication, potentially leading to unauthorized data access and system manipulation. The vulnerability affects versions 24.04.0 through 25.10.2 of Centreon Infra Monitoring, and a fix is available in version 25.10.2.
The core of this vulnerability lies in the missing authentication check for critical functions within the Awie import module. An attacker who can exploit this flaw can bypass the intended security controls and gain access to sensitive data or execute unauthorized actions within the Centreon environment. This could include modifying monitoring configurations, accessing confidential reports, or even potentially escalating privileges to gain control of the entire system. The impact is particularly severe given Centreon's role in monitoring critical infrastructure, where unauthorized access could lead to disruptions and data loss. Successful exploitation could mirror the impact of privilege escalation vulnerabilities seen in other monitoring platforms, allowing attackers to gain a foothold and move laterally within the network.
CVE-2025-15026 was publicly disclosed on 2026-01-05. The CVSS score of 9.8 indicates a critical severity. As of this writing, there are no publicly available proof-of-concept exploits. The vulnerability has been added to the CISA KEV catalog, indicating a heightened risk of exploitation. Active campaigns targeting Centreon are not currently known, but the critical nature of the vulnerability warrants close monitoring.
Organizations heavily reliant on Centreon Infra Monitoring for critical infrastructure management are particularly at risk. Environments with legacy configurations or those using shared hosting models where the Centreon instance is not adequately isolated are also more vulnerable. Any deployment utilizing versions 24.04.0 through 25.10.2 is potentially exposed.
disclosure
Exploit status
EPSS
0.05% (14th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-15026 is to immediately upgrade Centreon Infra Monitoring to version 25.10.2 or later. If upgrading is not immediately feasible due to compatibility concerns or testing requirements, consider implementing temporary workarounds. While a direct ACL bypass mitigation is difficult without patching, restrict network access to the Awie import module using firewalls or network segmentation to limit the potential attack surface. Review and strengthen existing authentication mechanisms for other Centreon components to reduce the overall risk profile. After upgrading, verify the fix by attempting to access restricted functionality without proper authentication credentials; access should be denied.
Upgrade Centreon Infra Monitoring to version 25.10.2, 24.10.3 or 24.04.3, or later. This fixes the missing authentication vulnerability in the Awie import module, preventing the unauthorized creation of administrative accounts.
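To decide which monitoring hosts need the upgrade first, the following added example (not Centreon's own code) classifies installed centreon-awie versions against the three fixed releases listed on this page. It assumes the version strings were collected separately, for example from the package manager; the host names, the sample versions and the `-1.el9` package suffix are constructed for illustration.

```python
import re

# Fixed centreon-awie releases per branch, as listed on this page.
FIXED = {(25, 10): (25, 10, 2), (24, 10): (24, 10, 3), (24, 4): (24, 4, 3)}

def parse_version(text):
    """Return (major, minor, patch) from strings like '24.10.2' or '24.10.2-1.el9'."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text or "")
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.groups())

def classify(version_text):
    """Classify one installed centreon-awie version against the fixed releases."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unparseable"
    fixed = FIXED.get(version[:2])
    if fixed is None:
        # Branch not listed on the page: do not guess, flag for manual review.
        return "review"
    return "patched" if version >= fixed else "vulnerable"

def triage(inventory):
    """Map {host: version} to {status: [hosts]} so upgrades can be prioritised."""
    report = {}
    for host, version_text in sorted(inventory.items()):
        report.setdefault(classify(version_text), []).append(host)
    return report

# Constructed sample inventory (host names and versions are made up).
SAMPLE = {
    "mon-a": "24.04.2",
    "mon-b": "24.10.3-1.el9",
    "mon-c": "25.10.1",
    "mon-d": "23.10.7",
    "mon-e": "unknown",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as `review` run a branch for which this page lists no fixed release, so they need a manual check against the vendor advisory rather than an automatic verdict.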
CVE-2025-15026 is a critical vulnerability in Centreon Infra Monitoring's Awie import module allowing attackers to bypass access controls and access functionality without authentication.
Yes, if you are using Centreon Infra Monitoring versions 24.04.0 through 25.10.2, you are potentially affected by this vulnerability.
Upgrade Centreon Infra Monitoring to version 25.10.2 or later to remediate the vulnerability. Consider temporary network restrictions if immediate upgrade is not possible.
While no active campaigns are currently known, the critical nature of the vulnerability warrants close monitoring and proactive mitigation.
Refer to the official Centreon security advisory for detailed information and guidance regarding CVE-2025-15026.