CVE-2025-4646
📋 TL;DR
An incorrect authorization vulnerability in Centreon web's API token creation form allows authenticated users to create API tokens with higher privileges than intended. This affects Centreon web installations running versions 24.04.0-24.04.9 or 24.10.0-24.10.3, potentially enabling privilege escalation.
💻 Affected Systems
- Centreon web
📦 What is this software?
Centreon Web by Centreon
⚠️ Risk & Real-World Impact
Worst Case
An authenticated low-privilege user could create API tokens with administrative privileges, gaining full control over the Centreon monitoring system, potentially compromising monitored infrastructure.
Likely Case
Authenticated users with some access could escalate their privileges to administrative level, allowing unauthorized configuration changes, data access, and system manipulation.
If Mitigated
With proper access controls and monitoring, exploitation would be detected and contained before significant damage occurs.
🎯 Exploit Status
Exploitation requires authenticated access; the vulnerability is in authorization logic for API token creation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 24.04.10 or 24.10.4
Vendor Advisory: https://thewatch.centreon.com/latest-security-bulletins-64/cve-2024-55572-centreon-web-high-severity-4460
Restart Required: Yes
Instructions:
1. Backup your Centreon configuration and database.
2. Update to Centreon web version 24.04.10 or 24.10.4 using the official update mechanism.
3. Restart Centreon services.
4. Verify the update was successful.
🔧 Temporary Workarounds
Restrict API Token Creation
Temporarily disable or restrict API token creation functionality for non-administrative users.
# Modify Centreon ACLs to remove API token creation permissions from non-admin roles
Network Segmentation
Restrict access to the Centreon web interface to trusted networks only.
# Configure firewall rules to limit Centreon web access
🧯 If You Can't Patch
- Implement strict access controls and monitor all API token creation activities.
- Disable API token functionality entirely until patching is possible.
🔍 How to Verify
Check if Vulnerable:
Check Centreon web version via web interface or command line; versions 24.04.0-24.04.9 or 24.10.0-24.10.3 are vulnerable.
Check Version:
Run rpm -qa | grep centreon-web, or check via the Centreon web interface under 'Administration > About'.
Verify Fix Applied:
Verify Centreon web version is 24.04.10 or higher, or 24.10.4 or higher.
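As an added example (not part of the original advisory or Centreon's own tooling), the following script takes the text of rpm -qa | grep centreon-web and classifies the installed centreon-web package against the affected and fixed ranges stated above; the sample rpm output is constructed, and the package naming pattern centreon-web-MAJOR.MINOR.PATCH-RELEASE is an assumption.

```python
import re

# Affected patch-level ranges per release branch, from the advisory:
# 24.04.0 - 24.04.9 (fixed in 24.04.10) and 24.10.0 - 24.10.3 (fixed in 24.10.4).
VULNERABLE_RANGES = {
    (24, 4): (0, 9),
    (24, 10): (0, 3),
}

# Assumed package naming: centreon-web-<major>.<minor>.<patch>-<release>...
# The trailing '-' keeps sub-packages such as centreon-web-common from matching.
RPM_RE = re.compile(r"^centreon-web-(\d+)\.(\d+)\.(\d+)-")


def parse_rpm_version(rpm_line: str):
    """Return (major, minor, patch) for a centreon-web package line, else None."""
    m = RPM_RE.match(rpm_line.strip())
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def is_vulnerable(version) -> bool:
    """True when the version lies inside an affected range for this CVE."""
    major, minor, patch = version
    rng = VULNERABLE_RANGES.get((major, minor))
    if rng is None:
        return False
    low, high = rng
    return low <= patch <= high


def check_rpm_output(rpm_qa_output: str) -> dict:
    """Classify each centreon-web line of `rpm -qa | grep centreon-web` output."""
    results = {}
    for line in rpm_qa_output.splitlines():
        v = parse_rpm_version(line)
        if v is None:
            continue  # not the centreon-web package itself
        if is_vulnerable(v):
            results[line] = "vulnerable"
        elif (v[0], v[1]) in VULNERABLE_RANGES:
            results[line] = "fixed"
        else:
            results[line] = "not-affected-branch"
    return results


# Constructed sample output (not captured from a real host).
SAMPLE_RPM_QA = """centreon-web-24.04.5-3.el9.noarch
centreon-web-common-24.04.5-3.el9.noarch
"""

if __name__ == "__main__":
    for pkg, state in check_rpm_output(SAMPLE_RPM_QA).items():
        print(f"{state:20} {pkg}")
```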
📡 Detection & Monitoring
Log Indicators:
- Unusual API token creation events, especially from non-admin users
- Multiple API token creation attempts within a short time window
Network Indicators:
- Increased API requests to token creation endpoints from unexpected sources
SIEM Query:
source="centreon" AND (event="api_token_creation" OR event="token_generation") AND user_role!="admin"