CVE-2025-54889: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Centreon Infra Monitoring
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (SNMP traps manufacturer configuration modules) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28.
AI Analysis
Technical Summary
CVE-2025-54889 is a stored Cross-site Scripting (XSS) vulnerability classified under CWE-79, affecting Centreon Infra Monitoring software versions 23.10.0 before 23.10.28, 24.04.0 before 24.04.18, and 24.10.0 before 24.10.13. The vulnerability exists in the SNMP traps manufacturer configuration modules, where user input is not properly sanitized or neutralized during web page generation. This flaw allows an attacker with elevated privileges to inject malicious JavaScript code that is stored persistently and executed in the context of other users accessing the affected interface. The vulnerability requires no user interaction to trigger but does require the attacker to have high privileges within the system, limiting the attack surface to trusted users or insiders. The CVSS v3.1 score is 6.8, reflecting a medium severity with a network attack vector, low attack complexity, and no user interaction needed. The impact primarily affects confidentiality, as the injected scripts can steal session cookies or sensitive information, but does not directly affect integrity or availability. No known exploits have been reported in the wild as of the publication date. Centreon Infra Monitoring is widely used in IT infrastructure monitoring, including in critical environments, making this vulnerability a concern for organizations relying on this product for network and system health monitoring. The vulnerability underscores the importance of proper input validation and output encoding in web applications, especially those managing critical infrastructure components.
Potential Impact
For European organizations, the impact of CVE-2025-54889 can be significant in environments where Centreon Infra Monitoring is deployed to oversee critical IT infrastructure and network health. Successful exploitation could lead to unauthorized disclosure of sensitive monitoring data, session hijacking, or further lateral movement within the network if attackers leverage stolen credentials or session tokens. This could undermine trust in monitoring systems, delay incident detection, and potentially facilitate more severe attacks. Confidentiality breaches could expose sensitive configuration details or operational data, which may be leveraged by threat actors targeting critical infrastructure sectors such as energy, telecommunications, finance, and government services. Although the vulnerability does not directly affect system integrity or availability, the indirect consequences of compromised monitoring systems could be severe, including delayed response to outages or attacks. The requirement for elevated privileges limits the risk to insider threats or compromised administrator accounts, but organizations with weak access controls or insufficient privilege management are at higher risk. Given the widespread use of Centreon in Europe, especially in countries with advanced IT infrastructure, the vulnerability poses a moderate but non-negligible threat to operational security.
Mitigation Recommendations
1. Apply patches: Monitor Centreon’s official releases and promptly apply the security updates for versions 23.10.28, 24.04.18, and 24.10.13 or later once available.
2. Restrict elevated privileges: Limit the number of users with high-level access to the SNMP traps manufacturer configuration modules and enforce strict role-based access controls to minimize the attack surface.
3. Input validation and output encoding: If customizations or integrations exist, ensure proper input sanitization and output encoding are implemented to prevent injection of malicious scripts.
4. Web Application Firewall (WAF): Deploy and configure WAFs with rules to detect and block XSS payloads targeting Centreon interfaces.
5. Monitor logs and user activity: Implement enhanced monitoring of administrative actions and anomalous behavior to detect potential exploitation attempts early.
6. Security awareness: Train privileged users on the risks of XSS and the importance of cautious input handling.
7. Network segmentation: Isolate monitoring infrastructure to reduce the impact of any compromise.
8. Incident response readiness: Prepare for potential incidents involving monitoring systems by having clear response plans and backups.
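Recommendations 3 and 5 above (output encoding, and auditing what privileged users store) are easiest to see in code. The block below is an added illustration, not Centreon's code: Centreon's web UI is written in PHP and its actual template for the SNMP trap manufacturer page is not on this page, so this is a Python sketch of the same defect class. It renders one configuration row two ways (raw interpolation, which is the CWE-79 pattern, and context-encoded), and adds a defender-side audit that scans stored configuration values for markup. The record layout (`id`, `name`, `alias`) and the sample rows are constructed assumptions, not the product's schema.

```python
import html
import re
from dataclasses import dataclass


# Constructed sample records standing in for rows of an SNMP trap
# manufacturer table; the field names are assumptions, not Centreon's schema.
@dataclass
class Manufacturer:
    id: int
    name: str
    alias: str


SAMPLE_ROWS = [
    Manufacturer(1, "Acme Networks", "acme"),
    # Constructed row containing markup in both fields: the shape of input a
    # stored-XSS defect fails to neutralize before rendering it to other users.
    Manufacturer(2, "Vendor <script>alert(1)</script>", 'x" onmouseover="alert(2)'),
]


def render_row_vulnerable(m: Manufacturer) -> str:
    """Interpolates stored values straight into HTML (the CWE-79 pattern).

    Whatever a privileged user saved is emitted verbatim, so markup in the
    name lands in text content and a quote in the alias closes the attribute.
    """
    return (f"<tr><td>{m.id}</td><td>{m.name}</td>"
            f'<td><input name="alias" value="{m.alias}"></td></tr>')


def render_row_safe(m: Manufacturer) -> str:
    """Encodes each value for its output context before interpolation.

    html.escape(quote=True) turns <, >, &, " and ' into entities, so a value
    can neither open a tag in text content nor break out of a quoted
    attribute. Values going into URLs or inline script would need a
    different encoder; this row only has text and attribute contexts.
    """
    name = html.escape(m.name, quote=True)
    alias = html.escape(m.alias, quote=True)
    return (f"<tr><td>{m.id}</td><td>{name}</td>"
            f'<td><input name="alias" value="{alias}"></td></tr>')


# Heuristic for content that should never appear in a plain-text vendor name:
# a tag opener, a javascript: URL scheme, or an on*= event-handler attribute.
_MARKUP = re.compile(r"<[a-zA-Z/!]|javascript:|on[a-z]+\s*=", re.IGNORECASE)


def find_markup_in_config(rows) -> list:
    """Defender-side audit over stored configuration.

    Returns (id, field) pairs whose value contains HTML- or script-like
    content. A hit is worth checking against the audit log of which
    privileged account wrote it (recommendation 5).
    """
    hits = []
    for m in rows:
        for field in ("name", "alias"):
            if _MARKUP.search(getattr(m, field)):
                hits.append((m.id, field))
    return hits


def main():
    for m in SAMPLE_ROWS:
        print("vulnerable:", render_row_vulnerable(m))
        print("safe:      ", render_row_safe(m))
    print("audit hits:", find_markup_in_config(SAMPLE_ROWS))


if __name__ == "__main__":
    main()
```

For the benign row both renderers produce identical HTML, which is the point of encoding at output time: it costs nothing for legitimate data and only changes the representation of characters that have meaning to the parser. The audit function is a coarse detective control, not a substitute for the fix; escaping at render time is what closes the vulnerability, while the scan helps find values that were stored before the patch was applied.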
Affected Countries
France, Germany, United Kingdom, Netherlands, Belgium, Switzerland, Italy, Spain, Sweden
Technical Details
Data Version: 5.1
Assigner Short Name: Centreon
Date Reserved: 2025-07-31T18:22:28.419Z
CVSS Version: 3.1
State: PUBLISHED
Threat ID: 68ee65b283f5d4e8a43ff594
Added to database: 10/14/2025, 3:01:06 PM
Last enriched: 10/14/2025, 3:16:56 PM
Last updated: 10/14/2025, 4:02:30 PM