CVE-2025-5965
published 2026-01-05


Priority: P2 / 64
Severity: high, 7.2 (CVSS 3.1)
Vector: AV:N / AC:L / PR:H / UI:N / S:U / C:H / I:H / A:H
EPSS: 24.82% (97.6th percentile)
In the backup parameters, a user with high privilege is able to concatenate custom instructions to the backup setup. Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Centreon Infra Monitoring (Backup configuration in the administration setup modules) allows OS Command Injection. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19.

Affected

11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| centreon | centreon_web | >= 24.04.0 < 24.04.19 | 24.04.19 |
| centreon | centreon_web | >= 24.10.0 < 24.10.15 | 24.10.15 |
| centreon | centreon_web | >= 25.10.0 < 25.10.2 | 25.10.2 |
| centreon | infra_monitoring | >= 24.04.0 < 24.04.19 | 24.04.19 |
| centreon | infra_monitoring | >= 24.10.0 < 24.10.15 | 24.10.15 |
| centreon | infra_monitoring | >= 25.10.0 < 25.10.2 | 25.10.2 |
| linux | linux_kernel | < 6.6.117 | 6.6.117 |
| linux | linux_kernel | >= 0 < 5.15.197 | 5.15.197 |
| linux | linux_kernel | >= 5.16.0 < 6.1.159 | 6.1.159 |
| linux | linux_kernel | >= 6.2.0 < 6.12.59 | 6.12.59 |
| linux | linux_kernel | >= 6.7.0 < 6.17.9 | 6.17.9 |

CVSS provenance

nvd: v3.1, 7.2 HIGH, CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
vendor_redhat: 5.5 LOW