CVE-2025-8432

High

Published: 27 October 2025

Published

27 October 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 8.4 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

EPSS Score 0.0095 76.5th percentile

Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-8432 is a high-severity Incorrect Default Permissions (CWE-276) vulnerability in Centreon Infra Monitoring (inferred from references). Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Services File Permissions Weakness (T1574.010); ranked in the top 23.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-6 (Configuration Settings).

Threat & Defense at a Glance

What attackers do: exploitation maps to Services File Permissions Weakness (T1574.010) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Timely flaw remediation through patching affected Centreon Infra Monitoring versions directly eliminates the incorrect default permissions vulnerability.

AC-6 Least Privilege good match

prevent

Least privilege enforcement restricts the high-privilege CentreonBI user account from embedding scripts within scripts.

CM-6 Configuration Settings good match

prevent

Secure configuration settings ensure default permissions for MBI modules do not allow unauthorized script embedding.

MITRE ATT&CK Enterprise TechniquesAI

T1574.010 Services File Permissions Weakness Stealth

Adversaries may execute their own malicious payloads by hijacking the binaries used by services.

attack.mitre.org →

T1059 Command and Scripting Interpreter Execution

Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.

attack.mitre.org →

Why these techniques?

Incorrect default permissions (CWE-276) enable a high-privileged CentreonBI user to embed scripts within scripts, facilitating abuse of file system permissions weaknesses (T1044) and execution via command and scripting interpreters (T1059).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

NVD Description

Incorrect Default Permissions vulnerability in Centreon Infra Monitoring (MBI modules) allows Embedding Scripts within Scripts by CentreonBI user account on the MBI server This issue affects Infra Monitoring: from 24.10.0 before 24.10.6, from 24.04.0 before 24.04.9, from 23.10.0 before 23.10.15.

Deeper analysisAI

CVE-2025-8432 is an Incorrect Default Permissions vulnerability (CWE-276) in the MBI modules of Centreon Infra Monitoring. It enables the CentreonBI user account on the MBI server to embed scripts within scripts. The issue affects Centreon Infra Monitoring versions from 24.10.0 before 24.10.6, from 24.04.0 before 24.04.9, and from 23.10.0 before 23.10.15. The vulnerability carries a CVSS v3.1 base score of 8.4 (AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H).

An attacker requires high privileges, such as access to the CentreonBI user account on the MBI server, along with network access and user interaction to exploit this vulnerability. The low attack complexity and changed scope allow a successful exploit to achieve high impacts on confidentiality, integrity, and availability, potentially enabling arbitrary script execution or escalation through embedded malicious scripts.

Centreon advisories recommend upgrading to patched versions 24.10.6, 24.04.9, or 23.10.15. Additional mitigation details are available in the official security bulletin at https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-8432-centreon-mbi-high-severity-5180 and the GitHub releases page at https://github.com/centreon/centreon/releases.