CVE-2025-12511 is a stored Cross-Site Scripting (XSS) vulnerability classified under CWE-79, found in Centreon Infra Monitoring software, specifically within the DSM extension configuration modules. The flaw stems from improper neutralization of input during web page generation, allowing malicious scripts to be stored and later executed in the context of users with elevated privileges. A successful exploit requires the attacker to have high-level privileges (administrative or equivalent) but does not require user interaction, increasing the risk of automated exploitation within trusted environments. The vulnerability affects multiple versions of Centreon Infra Monitoring: 25.10.0 before 25.10.1, 24.10.0 before 24.10.4, and 24.04.0 before 24.04.8. The CVSS v3.1 base score is 6.8, reflecting a medium severity level, with an attack vector of network (remote), low attack complexity, and no user interaction needed. The scope is changed (S:C), indicating that exploitation can affect resources beyond the initially vulnerable component. The impact is primarily on confidentiality, potentially allowing attackers to steal sensitive information such as session tokens or administrative data. There is no impact on integrity or availability. No public exploits or active exploitation in the wild have been reported to date. The vulnerability is particularly concerning in environments where Centreon Infra Monitoring is used to oversee critical infrastructure or sensitive systems, as attackers could leverage this flaw to escalate privileges or move laterally within a network.

For European organizations, the impact of CVE-2025-12511 can be significant, especially for those relying on Centreon Infra Monitoring for critical infrastructure monitoring, IT operations, or industrial control systems. The vulnerability allows attackers with elevated privileges to execute malicious scripts that could lead to the disclosure of sensitive information such as authentication tokens, configuration details, or monitoring data. This could facilitate further attacks, including unauthorized access or lateral movement within the network. Although the vulnerability does not directly affect system integrity or availability, the confidentiality breach could undermine trust in monitoring data and potentially expose operational details to adversaries. Given the medium severity and the requirement for elevated privileges, the threat is more pronounced in environments with weak access controls or where administrative credentials are not tightly managed. European sectors such as energy, telecommunications, finance, and government agencies that use Centreon Infra Monitoring are at heightened risk, as attackers could leverage this vulnerability to gain insights into network topology or disrupt incident response capabilities indirectly.

1. Apply patches from Centreon as soon as they are released for versions 25.10.0, 24.10.0, and 24.04.0 to their respective fixed versions (25.10.1, 24.10.4, 24.04.8). 2. Restrict administrative access to Centreon Infra Monitoring to a minimal set of trusted users, implementing strong authentication mechanisms such as multi-factor authentication (MFA). 3. Conduct regular audits of user privileges and remove unnecessary elevated permissions to reduce the attack surface. 4. Implement Content Security Policy (CSP) headers and input validation/sanitization at the application layer to mitigate the impact of potential XSS payloads. 5. Monitor logs and network traffic for unusual activity indicative of attempted exploitation, focusing on administrative interfaces. 6. Educate administrators on the risks of stored XSS and the importance of cautious input handling within configuration modules. 7. Consider deploying web application firewalls (WAF) with rules tuned to detect and block XSS attempts targeting Centreon Infra Monitoring. 8. Isolate monitoring infrastructure from general user networks to limit exposure in case of compromise.