Lucene search
K

CVE-2025-5946

🗓️ 14 Oct 2025 14:29:00Reported by CentreonType 
cve
 cve
🔗 web.nvd.nist.gov👁 18 Views🌐 WEB

CVE-2025-5946 high privilege users can cause OS command injection via poller reload in Centreon Infra Monitoring.

Related
Detection
Affected
Refs
Paths
NVD
Node
centreoncentreon_webRange23.10.023.10.28
OR
centreoncentreon_webRange24.04.024.04.18
OR
centreoncentreon_webRange24.10.024.10.13
[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Poller reload setup in the configuration"
    ],
    "product": "Infra Monitoring",
    "vendor": "Centreon",
    "versions": [
      {
        "lessThan": "24.10.13",
        "status": "affected",
        "version": "24.10.0",
        "versionType": "custom"
      },
      {
        "lessThan": "24.04.18",
        "status": "affected",
        "version": "24.04.0",
        "versionType": "custom"
      },
      {
        "lessThan": "23.10.28",
        "status": "affected",
        "version": "23.10.0",
        "versionType": "custom"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
broker_reload_commandnested/centreon/main.get.phpOS Command Injection via broker_reload_command parameter in Centreon poller configuration leading to RCE when payload is injected and poller is restarted.CWE-78
pollerrequest body/centreon/include/configuration/configGenerate/xml/restartPollers.phpTrigger executed RCE by restarting the poller after a payload has been injected into the broker_reload_command setting.CWE-78
moderequest body/centreon/include/configuration/configGenerate/xml/restartPollers.phpTrigger executed RCE by restarting the poller after a payload has been injected into the broker_reload_command setting.CWE-78

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 09:49Current
6.5Medium risk
Vulners AI Score6.5
CVSS 3.17.2
EPSS0.13843
SSVC
18