Cyber Resilience

CVE-2025-8432

High

Published: 27 October 2025

Published
27 October 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 8.4 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
EPSS Score 0.0103 77.7th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-8432 is a high-severity Incorrect Default Permissions (CWE-276) vulnerability in Centreon Infra Monitoring (inferred from references). Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Services File Permissions Weakness (T1574.010); ranked in the top 22.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-6 (Configuration Settings).

Deeper analysis

CVE-2025-8432 is an Incorrect Default Permissions vulnerability, tracked under CWE-276, that affects the MBI modules within Centreon Infra Monitoring. It permits the CentreonBI user account on the MBI server to embed scripts within scripts. The flaw impacts versions 24.10.0 before 24.10.6, 24.04.0 before 24.04.9, and 23.10.0 before 23.10.15, and carries a CVSS 3.1 score of 8.4.

An attacker with high privileges who can authenticate as the CentreonBI account may leverage the permission misconfiguration to inject and execute arbitrary scripts. Because the vulnerability is network-reachable with low attack complexity and requires user interaction, successful exploitation can result in full compromise of confidentiality, integrity, and availability on the affected server with changed scope.

Centreon has published fixes in the referenced releases and corresponding security bulletin, directing administrators to upgrade the affected Infra Monitoring versions to 24.10.6, 24.04.9, or 23.10.15 or later. The associated GitHub release notes provide the updated packages.

EPSS scores for this CVE remain low, with a current value of 0.0103 and a peak of 0.0107.

EU & UK References

Vulnerability details

Incorrect Default Permissions vulnerability in Centreon Infra Monitoring (MBI modules) allows Embedding Scripts within Scripts by CentreonBI user account on the MBI server This issue affects Infra Monitoring: from 24.10.0 before 24.10.6, from 24.04.0 before 24.04.9, from 23.10.0 before 23.10.15.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1574.010 Services File Permissions Weakness Stealth
Adversaries may execute their own malicious payloads by hijacking the binaries used by services.
T1059 Command and Scripting Interpreter Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Why these techniques?

Incorrect default permissions (CWE-276) enable a high-privileged CentreonBI user to embed scripts within scripts, facilitating abuse of file system permissions weaknesses (T1044) and execution via command and scripting interpreters (T1059).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2021-47852Shared CWE-276
CVE-2025-24915Shared CWE-276
CVE-2025-10314Shared CWE-276
CVE-2021-47761Shared CWE-276
CVE-2025-57625Shared CWE-276
CVE-2025-60262Shared CWE-276
CVE-2020-37129Shared CWE-276
CVE-2025-27677Shared CWE-276
CVE-2025-21532Shared CWE-276
CVE-2024-56525Shared CWE-276

Affected Assets

Centreon
Infra Monitoring
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Timely flaw remediation through patching affected Centreon Infra Monitoring versions directly eliminates the incorrect default permissions vulnerability.

prevent

Least privilege enforcement restricts the high-privilege CentreonBI user account from embedding scripts within scripts.

prevent

Secure configuration settings ensure default permissions for MBI modules do not allow unauthorized script embedding.

References