CVE-2025-13056: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Centreon Infra Monitoring
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Administration ACL menu configuration modules) allows Stored XSS to users with high privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19.
AI Analysis
Technical Summary
CVE-2025-13056 is a stored Cross-Site Scripting (XSS) vulnerability classified under CWE-79, found in Centreon Infra Monitoring's Administration ACL menu configuration modules. The vulnerability arises from improper neutralization of input during web page generation, allowing attackers with high privileges to inject malicious scripts that persist in the application. Affected versions include 24.04.0 before 24.04.19, 24.10.0 before 24.10.15, and 25.10.0 before 25.10.2. The attack vector is network-based, requiring no user interaction but necessitating high privilege levels, typically administrative access. Exploiting this vulnerability enables an attacker to execute arbitrary scripts in the context of a privileged user’s browser session, potentially leading to confidentiality breaches such as theft of sensitive data or session hijacking. The vulnerability does not impact integrity or availability directly but compromises confidentiality significantly. The CVSS v3.1 score is 6.8, reflecting medium severity, with the scope marked as changed due to the potential for privilege escalation within the application context. No public exploits have been reported yet, but the presence of stored XSS in a critical infrastructure monitoring tool represents a notable risk. Centreon Infra Monitoring is widely used in enterprise environments for monitoring IT infrastructure, making this vulnerability relevant for organizations relying on it for operational visibility and control. The vulnerability was reserved in November 2025 and published in January 2026, indicating recent discovery and disclosure. The lack of patch links suggests that fixes may be pending or recently released, emphasizing the need for vigilance and timely updates.
Potential Impact
For European organizations, this vulnerability poses a significant risk to the confidentiality of monitoring data and administrative sessions within Centreon Infra Monitoring environments. Since the vulnerability allows stored XSS attacks by users with high privileges, attackers who gain administrative access could inject malicious scripts that execute whenever administrators access the affected modules. This could lead to theft of sensitive monitoring data, session hijacking, or further lateral movement within the network. Given that Centreon is used to monitor critical IT infrastructure, exploitation could undermine trust in monitoring data and potentially disrupt incident response efforts. The vulnerability does not directly affect system integrity or availability, but the confidentiality impact can lead to indirect operational risks. European organizations in sectors such as finance, energy, telecommunications, and government, which rely heavily on infrastructure monitoring, could face increased exposure. Additionally, regulatory requirements such as GDPR emphasize protecting sensitive data, making exploitation of this vulnerability a compliance concern. The absence of known exploits in the wild reduces immediate risk but does not eliminate the threat, especially as attackers often target monitoring tools to gain footholds in networks.
Mitigation Recommendations
1. Apply official patches from Centreon as soon as they become available for the affected versions (24.04.x, 24.10.x, 25.10.x).
2. Restrict administrative access to Centreon Infra Monitoring to trusted personnel and secure networks, employing network segmentation and VPNs where possible.
3. Implement strict input validation and sanitization on all user inputs in the ACL menu configuration modules to prevent injection of malicious scripts.
4. Deploy Content Security Policy (CSP) headers to limit the execution of unauthorized scripts within the web application context.
5. Monitor logs and user activities for unusual behavior indicative of attempted XSS exploitation or privilege misuse.
6. Educate administrators on the risks of stored XSS and encourage cautious handling of input fields within the administration interface.
7. Consider deploying Web Application Firewalls (WAFs) with rules tuned to detect and block XSS payloads targeting Centreon.
8. Regularly review and update access control policies to minimize the number of users with high privileges.
9. Conduct security assessments and penetration testing focused on web application vulnerabilities in Centreon deployments.
10. Maintain an incident response plan that includes procedures for handling web application attacks and potential data breaches related to monitoring tools.
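As an added triage helper for step 1 (written for this write-up; it is not Centreon code and not part of the advisory), the following Python encodes the three affected ranges quoted above and checks an inventoried version string against them. It assumes Centreon versions are reported as MAJOR.MINOR.PATCH; a version outside every listed range is reported as "not listed", which is all the advisory text supports.

```python
"""Check a Centreon Infra Monitoring version against the CVE-2025-13056 ranges.

Constructed example for this advisory; not Centreon's own code.
Assumption: version strings look like '24.10.3' (MAJOR.MINOR.PATCH).
"""
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Ranges from the advisory: [first affected, first fixed), plus the fixed
# release exactly as the advisory spells it (keeps the '24.04' zero padding).
AFFECTED_RANGES = (
    ((24, 4, 0), (24, 4, 19), "24.04.19"),
    ((24, 10, 0), (24, 10, 15), "24.10.15"),
    ((25, 10, 0), (25, 10, 2), "25.10.2"),
)


def parse_version(text: str) -> Optional[Version]:
    """Parse 'MAJOR.MINOR.PATCH' into an int tuple; None for anything else."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        return None
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def listed_as_affected(text: str) -> Optional[bool]:
    """True if inside a listed range, False if outside all of them,
    None if the version string cannot be parsed (treat None as 'verify')."""
    version = parse_version(text)
    if version is None:
        return None
    return any(lo <= version < hi for lo, hi, _ in AFFECTED_RANGES)


def fixed_release_for(text: str) -> Optional[str]:
    """First fixed release on the same branch, or None if not listed/unparsable."""
    version = parse_version(text)
    if version is None:
        return None
    for lo, hi, label in AFFECTED_RANGES:
        if lo <= version < hi:
            return label
    return None


if __name__ == "__main__":
    # Constructed inventory sample: host -> reported version.
    inventory = {"mon-01": "24.10.3", "mon-02": "25.10.2", "mon-03": "24.04.19"}
    for host, ver in inventory.items():
        print(host, ver, listed_as_affected(ver), fixed_release_for(ver))
```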
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: Centreon
- Date Reserved: 2025-11-12T11:06:17.582Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 695b9291db813ff03e4708a3
Added to database: 1/5/2026, 10:29:37 AM
Last enriched: 1/5/2026, 10:44:14 AM
Last updated: 1/7/2026, 4:46:46 AM