RCE via the backup feature available only to user with...

7.2 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Description

In the backup parameters, a user with high privilege is able to concatenate custom instructions to the backup setup. Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Centreon Infra Monitoring (Backup configuration in the administration setup modules) allows OS Command Injection.This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19.

Basic Information

ID CVE-2025-5965

Source Centreon

Published Jan 5, 2026 at 10:06

Affected Product

Vendor Centreon

Product Infra Monitoring

Version 25.10.0

Affected Versions Centreon Infra Monitoring 25.10.0
Centreon Infra Monitoring 24.10.0
Centreon Infra Monitoring 24.04.0

CWE Classification

CWE-78

References

github.com /centreon/centreon/releases

{
    "lastseen": "",
    "description": "In the backup parameters, a user with high privilege is able to concatenate custom instructions to the backup setup. Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Centreon Infra Monitoring (Backup configuration in the administration setup modules) allows OS Command Injection.This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19.",
    "published": "2026-01-05T10:06:05.494Z",
    "modified": "2026-01-05T10:06:05.494Z",
    "type": "cve",
    "title": "RCE via the backup feature available only to user with high privilege",
    "source": "Centreon",
    "references": "https://github.com/centreon/centreon/releases",
    "id": "CVE-2025-5965",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "Centreon Infra Monitoring 25.10.0\nCentreon Infra Monitoring 24.10.0\nCentreon Infra Monitoring 24.04.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.2,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Infra Monitoring",
    "version": "25.10.0",
    "vendor": "Centreon",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

RCE via the backup feature available only to user with high privilege_CVE-2025-5965