CVE-2025-5946

HIGH

CVSS v3

7.2

HIGH

EPSS Score

24.1%

exploit probability

CISA KEV

No

known exploited

Exploitation

SSVC status

Description

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Centreon Infra Monitoring (Poller reload setup in the configuration modules) allows OS Command Injection. On the poller parameters page, a user with high privilege is able to concatenate custom instructions into the poller reload command. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28.

Technical Details

Published
10/14/2025

Frequently Asked Questions

What is CVE-2025-5946?

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Centreon Infra Monitoring (Poller reload setup in the configuration modules) allows OS Command Injection. On the poller parameters page, a user with high privilege is able to concatenate custom instructions into the poller reload command. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28.

Is CVE-2025-5946 actively exploited?

Active exploitation of CVE-2025-5946 has not been confirmed. The EPSS score is 24.1%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2025-5946?

CVE-2025-5946 has a CVSS v3 base score of 7.2 (HIGH severity).

Is CVE-2025-5946 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.