CVE-2025-10023 is a stored Cross-Site Scripting (XSS) vulnerability classified under CWE-79, found in the Centreon Infra Monitoring product specifically within the Services Meta-services modules. The flaw stems from improper neutralization of user-supplied input during web page generation, which allows attackers with elevated privileges to inject malicious scripts that persist in the application. These scripts execute in the browsers of other users who view the affected pages, potentially leading to the theft of sensitive information such as session tokens or the execution of unauthorized actions within the context of the victim's session. The vulnerability affects multiple versions of Centreon Infra Monitoring: 23.10.0 before 23.10.26, 24.04.0 before 24.04.16, and 24.10.0 before 24.10.9. Exploitation requires an attacker to have elevated privileges and involves user interaction, which limits the attack vector but does not eliminate risk, especially in environments with multiple administrators or privileged users. The CVSS v3.1 base score is 6.2, reflecting a medium severity with network attack vector, low attack complexity, high privileges required, and user interaction needed. The impact is primarily on confidentiality, as attackers can exfiltrate sensitive data via malicious scripts, but there is no direct impact on integrity or availability. No public exploits have been reported yet, but the presence of stored XSS in a monitoring platform used for critical infrastructure elevates the risk profile. Centreon Infra Monitoring is widely used in enterprise and service provider environments for IT infrastructure monitoring, making this vulnerability relevant for organizations relying on this software for operational visibility and control.

For European organizations, the impact of CVE-2025-10023 can be significant due to the critical role Centreon Infra Monitoring plays in overseeing IT infrastructure and services. Successful exploitation could allow attackers to execute malicious scripts in the context of other users, potentially leading to unauthorized access to sensitive monitoring data, session hijacking, or lateral movement within the network. This could compromise confidentiality of operational data and credentials, undermining trust in monitoring outputs and potentially delaying detection of other security incidents. Although the vulnerability does not directly affect system integrity or availability, the indirect consequences of compromised monitoring data or administrative sessions could disrupt incident response and operational continuity. Organizations with complex IT environments and multiple administrators are particularly at risk. The requirement for elevated privileges limits exposure but also highlights the importance of strict access controls. European critical infrastructure sectors, including energy, telecommunications, and finance, often rely on such monitoring tools, increasing the potential impact. Additionally, regulatory frameworks like GDPR emphasize protecting sensitive data, making exploitation of this vulnerability a compliance concern.

1. Apply patches from Centreon as soon as they are released for versions 23.10.26, 24.04.16, and 24.10.9 or later to remediate the vulnerability. 2. Restrict elevated privileges to the minimum necessary users and regularly review user roles to limit potential attackers' ability to exploit the vulnerability. 3. Implement strict input validation and output encoding on all user-supplied data within the Centreon application, especially in the Services Meta-services modules. 4. Deploy Content Security Policy (CSP) headers to reduce the impact of XSS by restricting the execution of unauthorized scripts. 5. Monitor logs and user activity for unusual behavior indicative of attempted exploitation, focusing on privileged user actions. 6. Conduct security awareness training for administrators to recognize phishing or social engineering attempts that could lead to privilege escalation or exploitation. 7. Consider network segmentation and isolation of the monitoring infrastructure to limit exposure to external threats. 8. Regularly audit and update the Centreon Infra Monitoring environment and dependencies to maintain security hygiene.