{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/web-versions-25.10.x/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Web versions 25.10.x","Web versions"],"_cs_severities":["critical"],"_cs_tags":["centreon","rce","security-bypass"],"_cs_type":"threat","_cs_vendors":["Centreon"],"content_html":"\u003cp\u003eMultiple vulnerabilities have been discovered in Centreon Web, a web-based interface for the Centreon IT infrastructure monitoring platform. The vulnerabilities affect Centreon Web versions 25.10.x prior to 25.10.12 and versions prior to 24.10.25. Successful exploitation of these vulnerabilities could allow an unauthenticated remote attacker to execute arbitrary code on the affected system and bypass security policies, potentially leading to complete system compromise. The CERT-FR published this advisory on May 29, 2026, following the release of Centreon\u0026rsquo;s security bulletin on May 28, 2026. Organizations using affected versions of Centreon Web are advised to apply the necessary patches to mitigate the risks.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a vulnerable Centreon Web instance running a version prior to 25.10.12 or 24.10.25.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious HTTP request to exploit a remote code execution vulnerability within the Centreon Web application.\u003c/li\u003e\n\u003cli\u003eThe malicious request is sent to the vulnerable Centreon Web server.\u003c/li\u003e\n\u003cli\u003eThe Centreon Web application processes the request without proper sanitization, leading to the execution of attacker-controlled code.\u003c/li\u003e\n\u003cli\u003eThe attacker\u0026rsquo;s code executes with the privileges of the web server user.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the initial code execution to escalate privileges on the system.\u003c/li\u003e\n\u003cli\u003eAttacker bypasses security policies, potentially gaining access to sensitive data or functionality.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves arbitrary code execution, potentially installing malware, establishing persistence, or exfiltrating data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of these vulnerabilities can allow a remote attacker to execute arbitrary code and bypass security policies. This could lead to complete compromise of the Centreon Web server, potentially affecting the entire monitoring infrastructure. The impact includes data breaches, system downtime, and further lateral movement within the network. Given Centreon\u0026rsquo;s role in monitoring critical IT infrastructure, a successful attack could have significant consequences for affected organizations.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the security patches provided by Centreon as detailed in their security bulletin from May 28, 2026 to remediate the vulnerabilities in affected Centreon Web versions (versions 25.10.x before 25.10.12 and versions before 24.10.25).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Centreon Web Security Policy Bypass\u0026rdquo; to identify potential security policy bypass attempts based on suspicious HTTP requests targeting the webserver.\u003c/li\u003e\n\u003cli\u003eMonitor webserver logs for suspicious activity, such as unusual HTTP requests or unexpected code execution, to identify potential exploitation attempts against Centreon Web.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-29T14:40:26Z","date_published":"2026-05-29T14:40:26Z","id":"https://feed.craftedsignal.io/briefs/2026-05-centreon-web-vulns/","summary":"Multiple vulnerabilities in Centreon Web versions 25.10.x before 25.10.12 and versions before 24.10.25 allow a remote attacker to achieve arbitrary code execution and bypass security policies.","title":"Multiple Vulnerabilities in Centreon Web Allow RCE and Security Bypass","url":"https://feed.craftedsignal.io/briefs/2026-05-centreon-web-vulns/"}],"language":"en","title":"CraftedSignal Threat Feed — Web Versions 25.10.x","version":"https://jsonfeed.org/version/1.1"}