{
  "affected": [
    {
      "ranges": [
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "24.10.0"
              },
              {
                "fixed": "24.10.6"
              }
            ]
          },
          "events": [
            {
              "introduced": "38e3f869ec4005acb857c92e3e2671bfa60879b4"
            },
            {
              "fixed": "a1aebe8b208603004059dbb90e69bde43d4e5fbe"
            }
          ],
          "repo": "https://github.com/centreon/centreon",
          "type": "GIT"
        },
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "24.04.0"
              },
              {
                "fixed": "24.04.9"
              }
            ]
          },
          "events": [
            {
              "introduced": "7b39edd9d115eabe0fae2b4bd1aded1889dbb6c3"
            },
            {
              "fixed": "2a2b4f298d1145f05f47bddb5522903a44e5792f"
            }
          ],
          "repo": "https://github.com/centreon/centreon",
          "type": "GIT"
        },
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "23.10.0"
              },
              {
                "fixed": "23.10.15"
              }
            ]
          },
          "events": [
            {
              "introduced": "755448bcd365969a97e902b856a1e5f56d80adaa"
            },
            {
              "fixed": "ed510eb9f8cb711d749eb0248d94c9cb7df54d6d"
            }
          ],
          "repo": "https://github.com/centreon/centreon",
          "type": "GIT"
        }
      ]
    }
  ],
  "database_specific": {
    "cna_assigner": "Centreon",
    "cwe_ids": [
      "CWE-276"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/8xxx/CVE-2025-8432.json"
  },
  "details": "Incorrect Default Permissions vulnerability in Centreon Infra Monitoring (MBI modules) allows Embedding Scripts within Scripts by CentreonBI user account on the MBI server This issue affects Infra Monitoring: from 24.10.0 before 24.10.6, from 24.04.0 before 24.04.9, from 23.10.0 before 23.10.15.",
  "id": "CVE-2025-8432",
  "modified": "2026-03-04T02:34:07.683015199Z",
  "published": "2025-10-27T10:08:33.662Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/8xxx/CVE-2025-8432.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/centreon/centreon/releases"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8432"
    },
    {
      "type": "ADVISORY",
      "url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-8432-centreon-mbi-high-severity-5180"
    }
  ],
  "schema_version": "1.7.3",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "CentreonBI user account on the MBI server can execute commands as root by modifying script runned by the CRON"
}