CVE-2025-15026 in Infra Monitoring
Summary
by MITRE • 01/05/2026
Missing Authentication for Critical Function vulnerability in Centreon Infra Monitoring centreon-awie (Awie import module) allows Accessing Functionality Not Properly Constrained by ACLs.
This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0 before 24.04.3.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 01/24/2026
The CVE-2025-15026 vulnerability represents a critical authentication flaw within Centreon's Infra Monitoring platform, specifically affecting the centreon-awie module responsible for Awie import functionality. This weakness stems from inadequate access control mechanisms that fail to properly validate user permissions before granting access to sensitive operational functions. The vulnerability exists across multiple version ranges including 25.10.0 through 25.10.1, 24.10.0 through 24.10.2, and 24.04.0 through 24.04.2, indicating a widespread issue that impacts a significant portion of Centreon's infrastructure monitoring capabilities. The flaw manifests as a missing authentication check for critical functions, allowing unauthorized users to access functionality that should be restricted to privileged administrators or authorized personnel.
This vulnerability directly maps to CWE-285, which addresses insufficient authorization in software systems, and aligns with ATT&CK technique T1078.004 for Valid Accounts and T1566.001 for Phishing. The technical implementation flaw occurs when the system fails to enforce proper access control lists (ACLs) during critical function execution, enabling attackers to bypass normal authentication procedures. The Awie import module typically handles configuration imports and system modifications that could fundamentally alter monitoring behavior, making this access unrestricted particularly dangerous. Attackers exploiting this vulnerability could potentially manipulate monitoring configurations, import malicious data, or access sensitive infrastructure information without proper authorization, undermining the integrity of the entire monitoring ecosystem.
The operational impact of CVE-2025-15026 extends beyond simple unauthorized access, as it compromises the fundamental security posture of infrastructure monitoring systems. Organizations relying on Centreon for critical infrastructure monitoring face potential exposure to data breaches, system compromise, and operational disruption when attackers leverage this vulnerability to gain unauthorized access to monitoring functions. The affected versions span multiple release cycles, suggesting that the vulnerability has persisted across several updates, potentially allowing attackers to maintain persistent access through compromised systems. This vulnerability particularly threatens organizations with complex monitoring infrastructures where the Awie import functionality might be used to import configuration changes that could redirect monitoring data, disable alerts, or introduce backdoors within the monitoring environment.
Organizations should immediately implement mitigations including applying the patched versions 25.10.2, 24.10.3, and 24.04.3 to address the authentication bypass. System administrators should conduct comprehensive access reviews to ensure that only authorized personnel maintain access to monitoring functions, particularly those related to configuration imports and system modifications. Network segmentation and monitoring of import activities can provide additional layers of protection, while implementing proper logging and alerting for unauthorized access attempts. Security teams should also perform vulnerability assessments to identify any potential exploitation attempts and ensure that all monitoring systems are properly configured with appropriate access controls. The remediation process should include validating that proper authentication mechanisms are enforced for all critical functions and that existing access control lists are properly implemented and tested across all affected Centreon versions.