Cyber Resilience

CVE-2025-5965

HighRCE

Published: 05 January 2026

Published
05 January 2026
Modified
26 January 2026
KEV Added
Patch
CVSS Score v3.1 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0020 41.7th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-5965 is a high-severity OS Command Injection (CWE-78) vulnerability in Centreon Centreon Web. Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004); ranked at the 41.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-5965 is an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability, classified under CWE-78, affecting the Backup configuration in the administration setup modules of Centreon Infra Monitoring. A high-privilege user can concatenate custom instructions to the backup parameters, enabling arbitrary OS command execution. The vulnerability impacts versions from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, and from 24.04.0 before 24.04.19. It carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) and was published on 2026-01-05.

Exploitation requires a high-privilege (PR:H) account, accessible over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). An attacker with such access can inject and execute arbitrary OS commands via the backup setup, achieving high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) in an unchanged scope (S:U).

Centreon advisories recommend mitigation through patching. Official release notes at https://github.com/centreon/centreon/releases detail fixes in versions 25.10.2, 24.10.15, and 24.04.19. Additional guidance is available in the security bulletin at https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-5965-centreon-web-high-severity-5362.

EU & UK References

Vulnerability details

In the backup parameters, a user with high privilege is able to concatenate custom instructions to the backup setup. Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Centreon Infra Monitoring (Backup configuration in…

more

the administration setup modules) allows OS Command Injection.This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

OS command injection in admin backup module directly enables arbitrary Unix shell command execution via T1059.004.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-2751Same product: Centreon Centreon Web
CVE-2024-53923Same product: Centreon Centreon Web
CVE-2024-55573Same product: Centreon Centreon Web
CVE-2026-44724Shared CWE-78
CVE-2026-22227Shared CWE-78
CVE-2024-40891Shared CWE-78
CVE-2026-26280Shared CWE-78
CVE-2024-57019Shared CWE-78
CVE-2026-45152Shared CWE-78
CVE-2025-53949Shared CWE-78

Affected Assets

centreon
centreon web
24.04.0 — 24.04.19 · 24.10.0 — 24.10.15 · 25.10.0 — 25.10.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation and neutralization of untrusted input in backup parameters to block OS command injection via CWE-78.

prevent

Mandates prompt application of vendor patches (25.10.2/24.10.15/24.04.19) that eliminate the command-injection flaw in the backup configuration module.

prevent

Restricts high-privilege accounts from unnecessary access to the administration backup setup, limiting the population that can reach the injectable parameters.

References