CVE-2025-15026

Critical

Published: 05 January 2026

Published

05 January 2026

Modified

26 January 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0004 10.7th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-15026 is a critical-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Centreon Awie. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 10.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-14 Permitted Actions Without Identification or Authentication good match

prevent

AC-14 explicitly authorizes or prohibits critical functions without identification or authentication, directly addressing the missing authentication for the centreon-awie critical import module.

AC-3 Access Enforcement good match

prevent

AC-3 enforces approved authorizations and ACLs for logical access to system resources, mitigating unauthorized access to functionality not properly constrained by ACLs.

IA-8 Identification and Authentication (Non-organizational Users) good match

prevent

IA-8 requires identification and authentication for non-organizational users seeking system access, preventing unauthenticated remote exploitation of the critical function.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Missing authentication for critical function in public-facing Centreon app directly enables remote unauthenticated exploitation and full system compromise.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Missing Authentication for Critical Function vulnerability in Centreon Infra Monitoring centreon-awie (Awie import module) allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0 before 24.04.3.

Deeper analysisAI

CVE-2025-15026 is a Missing Authentication for Critical Function vulnerability (CWE-306) in the centreon-awie Awie import module of Centreon Infra Monitoring. This flaw allows accessing functionality not properly constrained by ACLs. It affects Centreon Infra Monitoring versions from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, and from 24.04.0 before 24.04.3. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity.

Unauthenticated attackers with network access can exploit this vulnerability with low complexity and no user interaction required. Exploitation enables high-impact disruption to confidentiality, integrity, and availability, potentially allowing remote attackers to fully compromise affected systems through unauthorized access to critical functions.

Centreon advisories recommend upgrading to patched versions 25.10.2, 24.10.3, or 24.04.3. Detailed mitigation guidance and release notes are available in the official GitHub releases at https://github.com/centreon/centreon/releases and the security bulletin at https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-15026-centreon-awie-critical-severity-5357.