Unrated severityNVD Advisory· Published Oct 14, 2025· Updated Oct 14, 2025

RCE via the poller reload feature available only to user with high privilege

CVE-2025-5946

Description

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Centreon Infra Monitoring (Poller reload setup in the configuration modules) allows OS Command Injection. On the poller parameters page, a user with high privilege is able to concatenate custom instructions into the poller reload command.

This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28.

Affected products

Centreon/Centreonllm-fuzzy
Range: >=24.10.0 <24.10.13, >=24.04.0 <24.04.18, >=23.10.0 <23.10.28
Centreon/Infra Monitoringv5
Range: 24.10.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

thewatch.centreon.com/latest-security-bulletins-64/cve-2025-5946-centreon-web-all-versions-high-severity-5104mitrevendor-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.026
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000