CRITICAL · CVE-2025-15026 · CVSS 9.8

Unauthenticated configuration import allows administrative account creation using AWIE component


Platform

other

Component

centreon-awie

Fixed versions

25.10.2

24.10.3

24.04.3

AI Confidence: high · NVD · EPSS 0.0% · Reviewed: May 2026

CVE-2025-15026 describes a critical vulnerability in the AWIE import module of Centreon Infra Monitoring. The flaw allows attackers to bypass access control lists (ACLs) and reach functionality without proper authentication, potentially leading to unauthorized data access and system manipulation. The vulnerability affects versions 24.04.0 through 25.10.2 of Centreon Infra Monitoring, and a fix is available in version 25.10.2.

Impact and attack scenarios

The core of this vulnerability is a missing authentication check on critical functions of the AWIE import module. An attacker who exploits this flaw can bypass the intended security controls and gain access to sensitive data or execute unauthorized actions within the Centreon environment. This could include modifying monitoring configurations, accessing confidential reports, or escalating privileges to gain control of the entire system. The impact is particularly severe given Centreon's role in monitoring critical infrastructure, where unauthorized access could lead to disruptions and data loss. Successful exploitation could mirror the impact of privilege escalation vulnerabilities seen in other monitoring platforms, giving attackers a foothold from which to move laterally within the network.

Exploitation context

CVE-2025-15026 was publicly disclosed on 2026-01-05. The CVSS score of 9.8 indicates a critical severity. As of this writing, there are no publicly available proof-of-concept exploits. The vulnerability has been added to the CISA KEV catalog, indicating a heightened risk of exploitation. Active campaigns targeting Centreon are not currently known, but the critical nature of the vulnerability warrants close monitoring.

Who is at risk

Organizations heavily reliant on Centreon Infra Monitoring for critical infrastructure management are particularly at risk. Environments with legacy configurations or those using shared hosting models where the Centreon instance is not adequately isolated are also more vulnerable. Any deployment utilizing versions 24.04.0 through 25.10.2 is potentially exposed.

Attack timeline

  1. Disclosure

Threat intelligence

Exploitation status

Proof of concept: unknown
CISA KEV: NO
Internet exposure: (not stated)

EPSS

0.05% (14th percentile)

CISA SSVC

Exploitation: none
Automatable: yes
Technical impact: total

CVSS vector

Threat intelligence · CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 CRITICAL

Metric                 Value       Meaning
Attack Vector          Network     How the attacker reaches the target
Attack Complexity      Low         Conditions required to exploit the flaw
Privileges Required    None        Authentication level needed for the attack
User Interaction       None        Whether the victim must take any action
Scope                  Unchanged   Impact beyond the affected component
Confidentiality        High        Risk of sensitive data disclosure
Integrity              High        Risk of unauthorized data modification
Availability           High        Risk of service disruption

nextguardhq.com · CVSS v3.1 base score

What do these metrics mean?

Attack Vector: Network. Exploitable remotely over the internet; no physical or local access is needed. This is the largest possible attack surface.
Attack Complexity: Low. No special conditions are required; the vulnerability can be exploited reliably.
Privileges Required: None. No authentication is needed; the flaw can be exploited without credentials.
User Interaction: None. The attack is automatic and silent; the victim does not need to take any action.
Scope: Unchanged. The impact is confined to the vulnerable component itself.
Confidentiality: High. Complete loss of confidentiality; the attacker can read all data.
Integrity: High. The attacker can write, modify, or delete any data.
Availability: High. Complete crash or resource exhaustion; full denial of service.

Affected software

Component: centreon-awie
Vendor: Centreon

Affected range       Fixed version
25.10.0 – 25.10.2    25.10.2
24.10.0 – 24.10.3    24.10.3
24.04.0 – 24.04.3    24.04.3
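The affected-range table above is the data a defender needs to triage an inventory, so here is an added example (not part of this advisory, and not Centreon's code) that turns it into a version check. It assumes the three release branches and fixed versions exactly as listed in the table, treats a version equal to or above the branch's fixed version as patched, and reports any version outside the listed branches as "not_listed" so it can be checked against the vendor advisory rather than silently assumed safe.

```python
import sys
from typing import Dict, Tuple

# Affected ranges and fixed versions, copied from the advisory's table:
# release branch -> (first affected version, fixed version).
AFFECTED_BRANCHES: Dict[str, Tuple[str, str]] = {
    "25.10": ("25.10.0", "25.10.2"),
    "24.10": ("24.10.0", "24.10.3"),
    "24.04": ("24.04.0", "24.04.3"),
}


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn '24.10.1' (or '24.10.1-beta', or '24.10') into a comparable tuple.

    A pre-release suffix after '-' is ignored; a missing patch component is
    treated as 0 so '24.10' compares like '24.10.0'.
    """
    core = text.strip().split("-", 1)[0]
    parts = core.split(".")
    if not 2 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return nums[0], nums[1], nums[2]


def branch_of(version: Tuple[int, int, int]) -> str:
    """Map a parsed version to its 'YY.MM' branch key, e.g. (24, 4, 1) -> '24.04'."""
    return f"{version[0]}.{version[1]:02d}"


def assess(version_text: str) -> Dict[str, str]:
    """Classify an installed centreon-awie version against the advisory table.

    Returns a dict with 'status' in {'vulnerable', 'fixed', 'not_listed'} and,
    when vulnerable, the 'upgrade_to' target for that branch.
    """
    version = parse_version(version_text)
    branch = branch_of(version)
    if branch not in AFFECTED_BRANCHES:
        # The advisory lists only the 24.04, 24.10 and 25.10 branches; anything
        # else must be checked against the vendor advisory, not assumed safe.
        return {"version": version_text, "status": "not_listed", "upgrade_to": ""}
    first_affected, fixed = AFFECTED_BRANCHES[branch]
    if parse_version(first_affected) <= version < parse_version(fixed):
        return {"version": version_text, "status": "vulnerable", "upgrade_to": fixed}
    return {"version": version_text, "status": "fixed", "upgrade_to": ""}


if __name__ == "__main__":
    # Usage: python check_awie.py 24.10.1
    # Exit code 1 means "vulnerable", so the script can gate a deployment job.
    result = assess(sys.argv[1] if len(sys.argv) > 1 else "24.10.1")
    print(result)
    sys.exit(1 if result["status"] == "vulnerable" else 0)
```

The non-zero exit status on a vulnerable result lets the check run inside a configuration-management or CI job across a fleet of Centreon pollers and central servers; a "not_listed" result is deliberately not treated as clean.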

Weakness classification (CWE)

Timeline

  1. Reserved
  2. Published
  3. Modified
  4. EPSS updated

Mitigations and workarounds

The primary mitigation for CVE-2025-15026 is to upgrade Centreon Infra Monitoring to version 25.10.2 or later without delay. If upgrading is not immediately feasible because of compatibility concerns or testing requirements, consider temporary workarounds. The ACL bypass itself cannot be fully mitigated without the patch, so restrict network access to the AWIE import module with firewalls or network segmentation to limit the exposed attack surface. Review and strengthen the authentication mechanisms of other Centreon components to reduce the overall risk profile. After upgrading, verify the fix by attempting to reach the restricted functionality without valid credentials; access should be denied.

Remediation

Upgrade Centreon Infra Monitoring to version 25.10.2, 24.10.3 or 24.04.3, or later. This corrects the missing authentication check in the AWIE import module and prevents the unauthorized creation of administrative accounts.


Frequently asked questions

What is CVE-2025-15026 — ACL Bypass in Centreon Infra Monitoring?

CVE-2025-15026 is a critical vulnerability in Centreon Infra Monitoring's Awie import module allowing attackers to bypass access controls and access functionality without authentication.

Am I affected by CVE-2025-15026 in Centreon Infra Monitoring?

Yes, if you are using Centreon Infra Monitoring versions 24.04.0 through 25.10.2, you are potentially affected by this vulnerability.

How do I fix CVE-2025-15026 in Centreon Infra Monitoring?

Upgrade Centreon Infra Monitoring to version 25.10.2 or later to remediate the vulnerability. Consider temporary network restrictions if immediate upgrade is not possible.

Is CVE-2025-15026 being actively exploited?

While no active campaigns are currently known, the critical nature of the vulnerability warrants close monitoring and proactive mitigation.

Where can I find the official Centreon advisory for CVE-2025-15026?

Refer to the official Centreon security advisory for detailed information and guidance regarding CVE-2025-15026.
