CVE-2025-12513 is a stored Cross-Site Scripting (XSS) vulnerability identified in Centreon Infra Monitoring, specifically within the Hosts configuration form modules. The flaw arises from improper neutralization of input during web page generation, classified under CWE-79. This vulnerability allows an authenticated user with high privileges to inject malicious JavaScript code that is persistently stored and subsequently executed in the browsers of other users who access the affected pages. The affected versions include 24.04.0 before 24.04.19, 24.10.0 before 24.10.15, and 25.10.0 before 25.10.2. The CVSS 3.1 base score is 6.8, indicating a medium severity level. The attack vector is network-based (remote), with low attack complexity, but requires high privileges and no user interaction. The scope is changed, meaning the vulnerability can affect resources beyond the initially compromised component. The impact is primarily on confidentiality, as malicious scripts could exfiltrate sensitive data or session tokens. There are no known exploits publicly reported yet, but the vulnerability poses a significant risk in environments where Centreon Infra Monitoring is deployed, especially in critical infrastructure monitoring. The vulnerability underscores the importance of input validation and output encoding in web applications to prevent injection attacks.

For European organizations, this vulnerability could lead to unauthorized disclosure of sensitive monitoring data, session hijacking, or unauthorized actions performed in the context of privileged users. Since Centreon Infra Monitoring is widely used for IT infrastructure and network monitoring, exploitation could compromise the confidentiality of operational data and potentially facilitate further attacks within the network. The requirement for high privileges limits the attack surface to trusted users or insiders, but the stored nature of the XSS means that other users with access to the monitoring interface could be impacted. This could disrupt incident response and monitoring activities, leading to delayed detection of other threats. Organizations in sectors such as energy, telecommunications, finance, and government, which rely heavily on infrastructure monitoring, may face increased risk. Additionally, the cross-site scripting could be used as a stepping stone for more complex attacks, including privilege escalation or lateral movement within the network.

1. Apply the latest patches from Centreon as soon as they become available for the affected versions (24.04.19+, 24.10.15+, 25.10.2+). 2. Restrict access to the Centreon Infra Monitoring interface to only trusted, high-privilege users and enforce strong authentication and authorization controls. 3. Implement Content Security Policy (CSP) headers to limit the execution of untrusted scripts within the web application context. 4. Deploy Web Application Firewalls (WAFs) with rules specifically designed to detect and block XSS payloads targeting Centreon. 5. Conduct regular security audits and input validation reviews on custom configurations or plugins that interact with the Hosts configuration forms. 6. Educate privileged users about the risks of injecting untrusted input and enforce strict change management policies. 7. Monitor logs and user activity for unusual behavior that could indicate exploitation attempts. 8. Consider network segmentation to isolate monitoring systems from general user networks to reduce exposure.