CVE-2025-10023 is a stored Cross-site Scripting (XSS) vulnerability classified under CWE-79, affecting Centreon Infra Monitoring's Services and Meta-services modules. The flaw arises from improper neutralization of input during web page generation, allowing malicious scripts to be stored and executed in the context of other users' browsers. This vulnerability affects versions 23.10.0 before 23.10.26, 24.04.0 before 24.04.16, and 24.10.0 before 24.10.9. Exploitation requires an attacker to have elevated privileges within the Centreon platform, meaning they must be authenticated with sufficient rights to inject malicious payloads. When a victim with access views the compromised page, the injected script executes, potentially exposing sensitive session tokens or enabling actions on behalf of the victim. The CVSS 3.1 vector indicates a network attack vector with low complexity, but requiring privileges and user interaction, and the scope is changed, meaning the vulnerability affects resources beyond the initially vulnerable component. The confidentiality impact is high, while integrity and availability impacts are none, indicating the primary risk is data exposure or session compromise rather than system disruption. No public exploits are currently known, but the vulnerability's presence in widely used monitoring software makes it a significant concern for organizations relying on Centreon for infrastructure monitoring and management.

For European organizations, the impact of CVE-2025-10023 can be significant, especially in sectors relying heavily on Centreon Infra Monitoring for critical infrastructure oversight such as energy, telecommunications, finance, and government. Successful exploitation could lead to unauthorized disclosure of sensitive monitoring data, session hijacking, or lateral movement within the network if attackers leverage stolen credentials or session tokens. This could undermine trust in monitoring data integrity and availability, potentially delaying incident response or masking ongoing attacks. Given the vulnerability requires elevated privileges, insider threats or compromised privileged accounts pose the greatest risk. The medium severity rating suggests that while the vulnerability is not trivially exploitable by unauthenticated attackers, the consequences of exploitation warrant prompt remediation to prevent escalation or data leakage. Additionally, the cross-site scripting nature could facilitate phishing or social engineering attacks within the organization by injecting malicious content into trusted administrative interfaces.

To mitigate CVE-2025-10023, European organizations should: 1) Immediately apply available patches or updates from Centreon for affected versions (24.10.9, 24.04.16, 23.10.26 or later). 2) Restrict elevated privileges to the minimum necessary users and regularly audit privileged accounts to reduce the attack surface. 3) Implement strict input validation and output encoding on all user-generated content within Centreon interfaces, if customization is possible. 4) Employ Content Security Policy (CSP) headers to limit the execution of unauthorized scripts in browsers accessing the monitoring platform. 5) Monitor logs for unusual activities related to user input or privilege escalation attempts. 6) Educate administrators and users with elevated privileges about the risks of XSS and safe browsing practices. 7) Consider network segmentation to isolate monitoring infrastructure and limit exposure if compromise occurs. 8) Use multi-factor authentication (MFA) for all privileged accounts to reduce the risk of credential misuse. These steps go beyond generic advice by focusing on privilege management, patch prioritization, and layered defenses specific to the nature of this vulnerability.