Publication date: August 11th, 2025
Components: centreon-gorgone
Description: The command whitelist is too permissive for auto-discovery and could be exploited by a user with privileges on the Centreon UI to remotely control a target.
Reference: N/A
CVSS: 9.1 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
Severity: Critical
Status: Fixes have been provided for all supported versions. It is recommended to update Centreon Gorgone and add the "no_shell_interpretation" parameter to the Gorgone configuration as documented.
These versions include cumulative fixes from prior updates.