Ce mail provient de l'extérieur, restons vigilants ===================================================================== CERT-Renater Note d'Information No. 2026/VULN017 _____________________________________________________________________ DATE : 09/01/2026 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running Centreon AWIE versions prior to 25.10.2, 24.10.3, 24.04.3. ===================================================================== https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-15029-centreon-awie-critical-severity-5356 https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-15026-centreon-awie-critical-severity-5357 _____________________________________________________________________ CVE-2025-15029 - Centreon AWIE - CRITICAL Severity lpinsivy Centreonian Publication date: January 8th, 2026 Components: centreon-awie Description: An unauthenticated user is able to introduce SQL Injection using the AWIE export module. Reference: CVE-2025-15029 CVSS: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) Severity: Critical Status: Fixes have been provided for all supported versions and it is recommended to update Centreon AWIE on Central Server: Centreon AWIE 25.10.2 Centreon AWIE 24.10.3 Centreon AWIE 24.04.3 These versions include cumulative fixes from prior updates. If you are using an High Availability Platform, please ensure to follow the Centreon HA Update procedures. Reporter: marceloQJ _____________________________________________________________________ CVE-2025-15026 - Centreon AWIE - Critical Severity lpinsivy Centreonian Publication date: January 8th, 2026 Components: centreon-awie Description: Missing Authentication for Critical Function vulnerability in Centreon Infra Monitoring centreon-awie (Awie import module) allows Accessing Functionality Not Properly Constrained by ACLs. Reference: CVE-2025-15026 CVSS: 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) Severity: Critical Status: Fixes have been provided for all supported versions and it is recommended to update Centreon AWIE on Central Server: Centreon AWIE 25.10.2 Centreon AWIE 24.10.3 Centreon AWIE 24.04.3 These versions include cumulative fixes from prior updates. If you are using an High Availability Platform, please ensure to follow the Centreon HA Update procedures. Reporter: marceloQJ ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================