CVE-2025-13056 is a stored Cross-Site Scripting (XSS) vulnerability identified in Centreon Infra Monitoring, specifically within the Administration ACL menu configuration modules. The root cause is improper neutralization of input during web page generation, classified under CWE-79. This flaw allows an attacker with high privileges to inject malicious scripts that are stored and later executed in the browsers of other users accessing the affected interface. The vulnerability affects multiple versions of Centreon Infra Monitoring: from 25.10.0 before 25.10.2, 24.10.0 before 24.10.15, and 24.04.0 before 24.04.19. The CVSS v3.1 score is 6.8, indicating medium severity, with an attack vector over the network, low attack complexity, and requiring high privileges but no user interaction. The scope is changed (S:C), and the impact is primarily on confidentiality (C:H), with no impact on integrity or availability. This means an attacker could potentially steal sensitive information accessible to users of the system but cannot alter data or disrupt services directly. No public exploits have been reported yet, but the vulnerability's presence in critical monitoring infrastructure software makes it a significant concern. Centreon Infra Monitoring is widely used in enterprise and industrial environments for infrastructure and network monitoring, making this vulnerability relevant for organizations relying on it for operational visibility and control.

For European organizations, the impact of CVE-2025-13056 can be significant, especially those using Centreon Infra Monitoring for critical infrastructure and network management. Successful exploitation could lead to unauthorized disclosure of sensitive information accessible through the monitoring platform, such as configuration details, user data, or operational metrics. Since the vulnerability requires high privileges, the attacker would likely be an insider or someone who has already compromised an administrative account, thus potentially escalating the impact of an existing breach. Confidentiality breaches could facilitate further attacks, including lateral movement or targeted espionage. The vulnerability does not directly affect system integrity or availability, so service disruption is unlikely. However, the trustworthiness of monitoring data and administrative interfaces could be undermined, impacting incident response and operational decision-making. European sectors such as energy, telecommunications, finance, and government agencies that rely on Centreon for infrastructure monitoring are particularly at risk. The medium severity score reflects the balance between the required privileges and the potential confidentiality impact.

1. Apply patches promptly once Centreon releases updates for versions 25.10.2, 24.10.15, and 24.04.19 or later that address this vulnerability. 2. Restrict administrative access to the Centreon Infra Monitoring platform using network segmentation, VPNs, and strict access control policies to limit exposure to high-privilege accounts. 3. Implement strong authentication mechanisms such as multi-factor authentication (MFA) for all administrative users to reduce the risk of credential compromise. 4. Deploy Web Application Firewalls (WAFs) with rules to detect and block common XSS payloads targeting the Centreon interface. 5. Conduct regular security audits and code reviews of custom configurations or plugins that interact with the ACL menu to detect any unsafe input handling. 6. Monitor logs and user activity for unusual behavior indicative of attempted or successful exploitation. 7. Educate administrators about the risks of stored XSS and safe input handling practices when configuring ACL menus or other web interface elements. 8. Consider isolating the monitoring platform from general user networks to reduce the attack surface.