Cyber Posture

CVE-2025-5965

HighRCE

Published: 05 January 2026

Published
05 January 2026
Modified
26 January 2026
KEV Added
Patch
CVSS Score 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0017 38.1th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-5965 is a high-severity OS Command Injection (CWE-78) vulnerability in Centreon Centreon Web. Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004); ranked at the 38.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Unix Shell (T1059.004).
Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

SC-27 Platform-independent Applications
addresses: CWE-78

Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

SI-10 Information Input Validation
addresses: CWE-78

Validates inputs to block special elements that would alter OS command execution.

MITRE ATT&CK Enterprise TechniquesAI

T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
attack.mitre.org →
Why these techniques?

OS command injection in admin backup module directly enables arbitrary Unix shell command execution via T1059.004.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

In the backup parameters, a user with high privilege is able to concatenate custom instructions to the backup setup. Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Centreon Infra Monitoring (Backup configuration in…

more

the administration setup modules) allows OS Command Injection.This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19.

Deeper analysisAI

CVE-2025-5965 is an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability, classified under CWE-78, affecting the Backup configuration in the administration setup modules of Centreon Infra Monitoring. A high-privilege user can concatenate custom instructions to the backup parameters, enabling arbitrary OS command execution. The vulnerability impacts versions from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, and from 24.04.0 before 24.04.19. It carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) and was published on 2026-01-05.

Exploitation requires a high-privilege (PR:H) account, accessible over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). An attacker with such access can inject and execute arbitrary OS commands via the backup setup, achieving high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) in an unchanged scope (S:U).

Centreon advisories recommend mitigation through patching. Official release notes at https://github.com/centreon/centreon/releases detail fixes in versions 25.10.2, 24.10.15, and 24.04.19. Additional guidance is available in the security bulletin at https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-5965-centreon-web-high-severity-5362.

Details

CWE(s)
CWE-78

Affected Products

centreon
centreon web
24.04.0 — 24.04.19 · 24.10.0 — 24.10.15 · 25.10.0 — 25.10.2

CVEs Like This One

CVE-2024-53923Same product: Centreon Centreon Web
CVE-2026-2751Same product: Centreon Centreon Web
CVE-2024-55573Same product: Centreon Centreon Web
CVE-2026-1460Shared CWE-78
CVE-2026-22227Shared CWE-78
CVE-2024-54018Shared CWE-78
CVE-2025-22606Shared CWE-78
CVE-2024-55590Shared CWE-78
CVE-2024-57019Shared CWE-78
CVE-2025-22495Shared CWE-78

References