CVE-2025-5945info

Summary

by MITRE • 06/10/2025

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Centreon centreon-web (Backup configuration modules) allows OS Command Injection.This issue affects centreon-web: Cloud 25.03, from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.15, from 23.10.0 before 23.10.24.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 06/03/2026

The vulnerability under examination represents a critical operating system command injection flaw within the Centreon centreon-web platform, specifically impacting the backup configuration modules functionality. This weakness enables malicious actors to execute arbitrary operating system commands through improperly sanitized input parameters, creating a severe security risk for organizations relying on Centreon for network monitoring and management. The vulnerability manifests in the backup configuration modules where user-supplied data fails to undergo proper validation and sanitization before being incorporated into system commands, thereby exposing the underlying operating system to unauthorized command execution.

The technical root cause of this vulnerability aligns with CWE-77, which specifically addresses improper neutralization of special elements used in operating system commands. The flaw occurs when the application constructs operating system commands by concatenating user input without adequate sanitization or escaping mechanisms, allowing attackers to inject malicious command sequences. In the context of Centreon's backup functionality, this means that when administrators or users interact with backup configuration modules, any input parameters containing special shell metacharacters such as semicolons, pipes, or command substitution operators can be exploited to execute unintended system commands. The vulnerability exists across multiple version ranges, indicating a persistent flaw in the input handling mechanisms of the backup module implementation.

The operational impact of this vulnerability extends beyond simple command execution, as it provides attackers with potentially full system compromise capabilities. An attacker who successfully exploits this vulnerability could gain unauthorized access to the underlying operating system, execute arbitrary code with elevated privileges, and potentially escalate their access to other systems within the network infrastructure. The backup configuration modules are particularly sensitive targets since they often require elevated permissions and may contain sensitive system information or configuration data. This vulnerability creates a direct pathway for attackers to bypass normal authentication mechanisms and directly manipulate system-level operations, potentially leading to complete system compromise or data exfiltration.

Organizations utilizing Centreon versions within the affected ranges should immediately implement mitigations to protect their monitoring infrastructure. The primary remediation strategy involves implementing proper input validation and sanitization mechanisms that prevent special shell characters from being interpreted as command delimiters or operators. This includes implementing proper escaping of user-supplied input before incorporating it into system commands, utilizing parameterized command execution where possible, and implementing strict input filtering to reject or sanitize potentially dangerous characters. Additionally, organizations should consider implementing principle of least privilege access controls for backup modules, ensuring that only authorized personnel can access these sensitive functions. Regular security assessments and penetration testing should be conducted to identify similar vulnerabilities in other components of the Centreon platform, as this type of flaw often indicates broader input validation issues that may exist elsewhere in the application codebase. The vulnerability also highlights the importance of following secure coding practices and adhering to industry standards such as those outlined in the OWASP Top Ten and MITRE ATT&CK framework, particularly in relation to command injection attack vectors and defensive measures.

Disclosure

06/10/2025

Moderation

in review

EPSS

0.00000

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!