CVE-2025-5965
Published: 05 January 2026
Summary
CVE-2025-5965 is a high-severity OS Command Injection (CWE-78) vulnerability in Centreon Centreon Web. Its CVSS base score is 7.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004); ranked at the 41.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-5965 is an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability, classified under CWE-78, affecting the Backup configuration in the administration setup modules of Centreon Infra Monitoring. A high-privilege user can concatenate custom instructions to the backup parameters, enabling arbitrary OS command execution. The vulnerability impacts versions from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, and from 24.04.0 before 24.04.19. It carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) and was published on 2026-01-05.
Exploitation requires a high-privilege (PR:H) account, accessible over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). An attacker with such access can inject and execute arbitrary OS commands via the backup setup, achieving high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) in an unchanged scope (S:U).
Centreon advisories recommend mitigation through patching. Official release notes at https://github.com/centreon/centreon/releases detail fixes in versions 25.10.2, 24.10.15, and 24.04.19. Additional guidance is available in the security bulletin at https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-5965-centreon-web-high-severity-5362.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-0897
Vulnerability details
In the backup parameters, a user with high privilege is able to concatenate custom instructions to the backup setup. Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Centreon Infra Monitoring (Backup configuration in…
more
the administration setup modules) allows OS Command Injection.This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
OS command injection in admin backup module directly enables arbitrary Unix shell command execution via T1059.004.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires validation and neutralization of untrusted input in backup parameters to block OS command injection via CWE-78.
Mandates prompt application of vendor patches (25.10.2/24.10.15/24.04.19) that eliminate the command-injection flaw in the backup configuration module.
Restricts high-privilege accounts from unnecessary access to the administration backup setup, limiting the population that can reach the injectable parameters.