=====================================================================

                            CERT-Renater

                Information Note No. 2025/VULN753
_____________________________________________________________________

DATE                : 31/10/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Centreon MBI versions prior to
                               24.10.6, 24.04.9, 23.10.15,
                     Centreon Web versions prior to 24.10.9, 24.04.16,
                                         23.10.26.

=====================================================================
https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-8432-centreon-mbi-high-severity-5180
https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-10023-centreon-web-all-versions-medium-severity-5179
_____________________________________________________________________

Publication date: October 30th, 2025

Components: centreon-bi-server

Description: The CentreonBI user account on the MBI server can execute
commands as root by modifying a script run by cron.

Reference: CVE-2025-8432

CVSS: 8.4 (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H)

Severity: High

 

Status: Fixes have been provided for all supported versions and it is
recommended to update Centreon MBI on Central Server:

    Centreon MBI 24.10.6
    Centreon MBI 24.04.9
    Centreon MBI 23.10.15

These versions include cumulative fixes from prior updates.
 
 

Reporter: SpawnZii - PGM12268-13

_____________________________________________________________________

Publication date: October 30th, 2025

Components: centreon-web

Description: A user with elevated privileges can inject XSS in the
Meta-Service configuration page.

Reference: CVE-2025-10023

CVSS: 6.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N/E:F/RL:U/RC:C)

Severity: Medium


Status: Fixes have been provided for all supported versions and it is
recommended to update Centreon Web on Central Server:

    Centreon Web 24.10.9
    Centreon Web 24.04.16
    Centreon Web 23.10.26

These versions include cumulative fixes from prior updates.

If you are using a High Availability Platform, please make sure to
follow the Centreon HA Update procedures.

 

Reporter: SpawnZii - PGM12268-13
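
To triage an inventory against the fixed releases listed in both bulletins above, the following is an added example (not code from CERT-Renater or Centreon). The component labels `centreon-mbi` and `centreon-web`, the function names and the sample inventory are assumptions made for illustration; the version thresholds are the ones given in this note.

```python
import re

# Fixed patch level per release branch, copied from this advisory.
FIXED = {
    "centreon-mbi": {"24.10": 6, "24.04": 9, "23.10": 15},   # CVE-2025-8432
    "centreon-web": {"24.10": 9, "24.04": 16, "23.10": 26},  # CVE-2025-10023
}

# Accepts plain versions ("24.10.5") and package strings ("23.10.9-1.el8").
_VERSION_RE = re.compile(r"^(\d+\.\d+)\.(\d+)")


def assess(component, version):
    """Return 'vulnerable', 'fixed' or 'unlisted' for an installed version.

    'unlisted' means the advisory names no fixed release for that branch
    (for example an unsupported older branch), so it needs manual review.
    """
    m = _VERSION_RE.match(version.strip())
    if component not in FIXED or m is None:
        raise ValueError(f"cannot assess {component!r} {version!r}")
    branch, patch = m.group(1), int(m.group(2))
    fixed_patch = FIXED[component].get(branch)
    if fixed_patch is None:
        return "unlisted"
    # Compare the patch level numerically: as strings, "9" sorts after "26".
    return "vulnerable" if patch < fixed_patch else "fixed"


def triage(inventory):
    """Group (host, component) pairs by assessment result."""
    result = {"vulnerable": [], "fixed": [], "unlisted": []}
    for host, component, version in inventory:
        result[assess(component, version)].append((host, component))
    return result


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = [
    ("central-a", "centreon-web", "24.10.8"),
    ("central-a", "centreon-mbi", "24.10.6"),
    ("central-b", "centreon-web", "23.10.9-1.el8"),
    ("central-c", "centreon-mbi", "22.10.12"),
]

if __name__ == "__main__":
    for status, items in triage(SAMPLE_INVENTORY).items():
        print(status, items)
```
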

 

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================




