Awie
CVE-2025-15026
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
Missing Authentication for Critical Function vulnerability in Centreon Infra Monitoring centreon-awie (Awie import module) allows Accessing Functionality Not Properly Constrained by ACLs.
This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0 before 24.04.3.
AnalysisAI
Centreon Infra Monitoring's centreon-awie module lacks authentication on critical import functions, allowing unauthenticated attackers to access functionality that should be restricted by ACLs. Affects multiple Centreon versions. Patch available.
Technical ContextAI
The centreon-awie module (used for configuration import/export) does not require authentication for critical functions (CWE-306). An attacker can access import functionality to inject malicious monitoring configurations, potentially gaining code execution through check commands or notification scripts.
RemediationAI
Update to Centreon 25.10.2, 24.10.3, or 24.04.3. Restrict network access to the AWIE module. Review imported configurations for unauthorized changes.
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today