CVE-2025-12511 is a stored Cross-site Scripting (XSS) vulnerability classified under CWE-79, found in Centreon Infra Monitoring's DSM extension configuration modules. The vulnerability stems from improper neutralization of user-supplied input during web page generation, allowing malicious scripts to be stored and executed in the context of the web application. This flaw affects multiple versions of Centreon Infra Monitoring: 24.04.0 before 24.04.8, 24.10.0 before 24.10.4, and 25.10.0 before 25.10.1. An attacker with elevated privileges (high privileges) can exploit this vulnerability remotely over the network without requiring user interaction, injecting malicious JavaScript that executes when other privileged users access the affected pages. The CVSS v3.1 score is 6.8, indicating medium severity, with a vector of AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N. This means the attack can be launched remotely with low complexity, requires high privileges, no user interaction, and impacts confidentiality with a scope change, but does not affect integrity or availability. The vulnerability could allow attackers to steal sensitive information such as session tokens or credentials from privileged users, potentially leading to further compromise of the monitoring infrastructure. Centreon Infra Monitoring is widely used in enterprise IT environments for infrastructure and network monitoring, making this vulnerability significant for organizations relying on it to maintain operational visibility. No public exploits or active exploitation have been reported yet, but the presence of stored XSS in a privileged context is a notable risk. The lack of available patches at the time of reporting necessitates immediate attention to mitigation strategies.

For European organizations, the impact of CVE-2025-12511 can be substantial, especially those using Centreon Infra Monitoring for critical infrastructure oversight. Successful exploitation could lead to unauthorized disclosure of sensitive monitoring data, session hijacking, or further privilege escalation within the monitoring environment. This compromises the confidentiality of operational data and could indirectly affect the integrity of monitoring results if attackers leverage stolen credentials to manipulate configurations or alerts. Although availability is not directly impacted, the trustworthiness of the monitoring system could be undermined, affecting incident response and operational continuity. Given the central role of monitoring tools in IT operations, such a breach could facilitate lateral movement to other critical systems. European sectors with stringent regulatory requirements around data protection and operational security, such as finance, healthcare, and energy, would face compliance risks and potential reputational damage. The medium severity rating reflects the requirement for elevated privileges to exploit, but the network accessibility and no need for user interaction increase the risk profile in environments where administrative access controls are weak or compromised.

Organizations should prioritize upgrading Centreon Infra Monitoring to the fixed versions: 24.04.8, 24.10.4, or 25.10.1 once they become available. Until patches are applied, restrict access to the DSM extension configuration modules to only the most trusted administrators and enforce strict role-based access controls to minimize the number of users with elevated privileges. Implement Web Application Firewall (WAF) rules to detect and block suspicious input patterns that could indicate XSS payloads targeting the monitoring interface. Conduct thorough input validation and output encoding in any custom scripts or configurations related to Centreon to reduce injection risks. Regularly audit user privileges and monitor logs for unusual activity indicative of attempted exploitation. Employ multi-factor authentication (MFA) for all administrative accounts to reduce the risk of credential compromise. Finally, educate administrators about the risks of stored XSS and the importance of cautious handling of input fields within the monitoring platform.