CVE-2025-12513: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Centreon Infra Monitoring
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hosts configuration form modules) allows Stored XSS to users with high privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19.
AI Analysis
Technical Summary
CVE-2025-12513 is a stored cross-site scripting (XSS) vulnerability, classified under CWE-79, in the Hosts configuration form modules of Centreon Infra Monitoring. Values entered into those forms are saved server-side and later written into generated pages without adequate output encoding, so an attacker who already holds a high-privileged account can store script in a host record. The payload then executes in the browser of any other user who later opens the affected page, including other administrators, and it keeps firing on every view until the record is cleaned up. Affected versions are 25.10.0 before 25.10.2, 24.10.0 before 24.10.15, and 24.04.0 before 24.04.19. The CVSS v3.1 base score is 6.8 (medium): network attack vector, low attack complexity, high privileges required, no user interaction, and a scope change, the last reflecting that the script runs in victims' browsers rather than within the vulnerable component itself. Because the prerequisite is an already-privileged account, the realistic attacker is a malicious or compromised administrator, which is exactly the case that trusted administrative environments tend to under-defend. Successful exploitation can expose session cookies and other data visible to the victim's browser session, allowing the attacker to impersonate that user or read sensitive monitoring data; the advisory rates the impact as a loss of confidentiality. No public exploit has been reported, but Centreon installations commonly sit in front of critical infrastructure, so the flaw deserves prompt attention.
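To make the CWE-79 mechanism concrete, the following is an added illustration and not Centreon's code: it shows the unsafe rendering pattern behind a stored XSS, a half-measure that escapes angle brackets but not quotes, and the context-aware encoding that closes the flaw, using Python's html.escape as a stand-in for PHP's htmlspecialchars. The field name host_alias, the payload strings and the rendered markup are all constructed for the example.

```python
import html
from html.parser import HTMLParser

# Constructed inputs: what a high-privileged user could type into a host
# configuration field. Illustrative only, not from any real Centreon report.
PAYLOAD_TEXT_CONTEXT = "<script>alert(document.cookie)</script>"
PAYLOAD_ATTR_CONTEXT = "srv01' autofocus onfocus='alert(document.cookie)"


def render_vulnerable(host_alias: str) -> str:
    """The CWE-79 pattern: the stored value is written straight into the page.
    Hypothetical template, not Centreon's."""
    return (f"<td>{host_alias}</td>"
            f"<input name='host_alias' value='{host_alias}'>")


def render_body_only_escape(host_alias: str) -> str:
    """Escapes <, > and & only. Safe for element text, but a value echoed
    into a quoted attribute can still break out with a quote character."""
    esc = html.escape(host_alias, quote=False)
    return (f"<td>{esc}</td>"
            f"<input name='host_alias' value='{esc}'>")


def render_hardened(host_alias: str) -> str:
    """Context-aware encoding: quotes are escaped as well (the equivalent of
    PHP htmlspecialchars with ENT_QUOTES), so the value cannot terminate the
    attribute it is placed in."""
    esc = html.escape(host_alias, quote=True)
    return (f"<td>{esc}</td>"
            f"<input name='host_alias' value='{esc}'>")


class _TagCollector(HTMLParser):
    """Records every start tag and its attributes, roughly as a browser's
    tokenizer would see the markup."""

    def __init__(self) -> None:
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def script_or_handler_present(markup: str) -> bool:
    """True when the parsed markup contains a <script> element or any on*
    event-handler attribute, i.e. the stored value escaped its context."""
    collector = _TagCollector()
    collector.feed(markup)
    collector.close()
    for tag, attrs in collector.tags:
        if tag == "script":
            return True
        if any(name.lower().startswith("on") for name in attrs):
            return True
    return False


def compare_renderers() -> dict:
    """Runs both payloads through each renderer; True means the page would
    execute attacker-controlled script."""
    renderers = {
        "vulnerable": render_vulnerable,
        "body_only_escape": render_body_only_escape,
        "hardened": render_hardened,
    }
    payloads = {"text": PAYLOAD_TEXT_CONTEXT, "attr": PAYLOAD_ATTR_CONTEXT}
    return {
        name: {ctx: script_or_handler_present(fn(p)) for ctx, p in payloads.items()}
        for name, fn in renderers.items()
    }


if __name__ == "__main__":
    for name, outcome in compare_renderers().items():
        print(f"{name:18s} text-context XSS={outcome['text']}  "
              f"attr-context XSS={outcome['attr']}")
```

The middle renderer is the instructive one: it defeats the classic `<script>` payload yet still fails in the attribute context, which is why the fix for this class of bug is encoding chosen for the exact output context, not a blocklist of dangerous characters.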
Potential Impact
For European organizations the impact can be significant, especially where Centreon Infra Monitoring oversees critical IT infrastructure, industrial control systems, or network operations centres. Successful exploitation lets an attacker hijack the browser session of another user who views the poisoned host page, typically an administrator, and act with that session: steal session tokens, read sensitive configuration data, and use the access gained for further movement within the environment. Monitoring data is itself sensitive, since it routinely contains internal addressing, service topology and security alerts. The vulnerability is scored as a confidentiality impact only, with no direct effect on integrity or availability, but a stolen privileged session is a natural starting point for further attacks or espionage. Because exploitation needs an already high-privileged account, the threat concentrates in organizations where administrative access to Centreon is broadly granted, shared, or poorly governed, and in insider or post-compromise scenarios. Energy, telecommunications, finance and government bodies that rely on Centreon for infrastructure monitoring are at heightened risk. The absence of known exploits reduces immediate risk but does not rule out targeted use or future exploit development.
Mitigation Recommendations
To mitigate CVE-2025-12513, upgrade Centreon Infra Monitoring to 25.10.2, 24.10.15 or 24.04.19 (or later within the same branch); no other measure is equivalent. Where patching must wait, restrict the right to create or edit hosts to the smallest possible set of administrators through Centreon's ACL configuration, and review who currently holds it. Treat existing data as potentially poisoned: patching corrects how pages are rendered but does not tell you whether a payload was already stored, so search host name, alias and other free-text configuration fields for HTML tags, event-handler attributes or javascript: URIs, and investigate any hit together with the account and time of the change. A web application firewall with rules for the host configuration endpoints can block crude payloads but is a compensating control only; encoded or context-specific payloads routinely evade signature matching. Confirm that the Centreon session cookie is issued with the HttpOnly and Secure flags, which blunts the cookie-theft scenario even if a payload executes. Apply the same output-encoding discipline to any custom plugins or integrations that render Centreon data, make administrators aware that a stored XSS in an admin-only form remains a real threat from insiders and compromised accounts, and monitor for unexpected edits to host records and for administrative sessions used from unfamiliar addresses.
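Two checks a defender can run before and after patching, added here as example code rather than anything shipped by Centreon: a version test against the fixed releases listed in this advisory, and a scan of exported host configuration records for stored markup. The record layout (host_id, host_name, host_alias, host_address) and the sample records are constructed for the example; map the field names to whatever your export or database query actually returns.

```python
import re
from typing import Dict, List, Tuple

# Fixed release for each affected branch, taken from the advisory text above.
# Branches not listed here are not covered by the advisory at all.
FIXED_IN: Dict[Tuple[int, int], int] = {
    (25, 10): 2,   # 25.10.0 before 25.10.2
    (24, 10): 15,  # 24.10.0 before 24.10.15
    (24, 4): 19,   # 24.04.0 before 24.04.19
}


def parse_version(version: str) -> Tuple[int, int, int]:
    """Parses a Centreon version of the form YY.MM.patch, e.g. '24.10.7'."""
    match = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = (int(part) for part in match.groups())
    return major, minor, patch


def version_status(version: str) -> str:
    """Returns 'affected', 'fixed', or 'not listed' for a branch the advisory
    does not mention (treat 'not listed' as needing a separate check)."""
    major, minor, patch = parse_version(version)
    fix = FIXED_IN.get((major, minor))
    if fix is None:
        return "not listed"
    return "affected" if patch < fix else "fixed"


# Indicators that a stored configuration field holds markup rather than a
# hostname, alias or note. Deliberately broad: an analyst triages the hits.
MARKUP_INDICATORS = [
    ("html-tag", re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>")),
    ("event-handler", re.compile(r"\bon[a-z]+\s*=", re.IGNORECASE)),
    ("javascript-uri", re.compile(r"javascript\s*:", re.IGNORECASE)),
    ("encoded-angle-bracket", re.compile(r"&(lt|#0*60|#x0*3c);", re.IGNORECASE)),
]


def scan_host_records(records: List[Dict[str, object]]) -> List[Tuple[object, str, str]]:
    """Returns (host_id, field, indicator) for every string field that looks
    like markup. Field names are whatever the export provides; only host_id
    is assumed to exist."""
    findings = []
    for record in records:
        host_id = record.get("host_id")
        for field, value in record.items():
            if field == "host_id" or not isinstance(value, str):
                continue
            for label, pattern in MARKUP_INDICATORS:
                if pattern.search(value):
                    findings.append((host_id, field, label))
                    break  # one finding per field is enough for triage
    return findings


# Constructed sample export: two clean hosts and two carrying stored payloads.
SAMPLE_HOST_RECORDS: List[Dict[str, object]] = [
    {"host_id": 11, "host_name": "web-fr-01", "host_alias": "Paris web front",
     "host_address": "10.20.0.11"},
    {"host_id": 12, "host_name": "db-de-02",
     "host_alias": "<img src=x onerror=alert(document.cookie)>",
     "host_address": "10.30.0.12"},
    {"host_id": 13, "host_name": "lb-nl-01",
     "host_alias": "LB' onmouseover='fetch(\"//attacker.example\")",
     "host_address": "10.40.0.13"},
    {"host_id": 14, "host_name": "lab-be-01", "host_alias": "R&D lab (Brussels)",
     "host_address": "10.50.0.14"},
]


if __name__ == "__main__":
    for v in ("24.10.7", "24.10.15", "25.10.1", "24.04.19", "23.10.5"):
        print(f"{v:10s} {version_status(v)}")
    for host_id, field, label in scan_host_records(SAMPLE_HOST_RECORDS):
        print(f"host {host_id}: field {field} matches {label}")
```

Run the scan against a full export of host configuration, including description and notes fields, rather than only name and alias; a hit is not proof of exploitation, but every hit should be traced to the account that made the change and the time it was made.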
Affected Countries
France, Germany, United Kingdom, Netherlands, Italy, Spain, Belgium
Technical Details
- Data Version: 5.2
- Assigner Short Name: Centreon
- Date Reserved: 2025-10-30T15:18:36.025Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 695bc49d3dc84013b27640fa
Added to database: 1/5/2026, 2:03:09 PM
Last enriched: 1/5/2026, 2:17:50 PM
Last updated: 1/7/2026, 8:44:42 AM