CVE-2025-54889: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Centreon Infra Monitoring
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (SNMP traps manufacturer configuration modules) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28.
AI Analysis
Technical Summary
CVE-2025-54889 is a stored Cross-site Scripting (XSS) vulnerability classified under CWE-79, found in Centreon Infra Monitoring's SNMP traps manufacturer configuration modules. The vulnerability stems from improper neutralization of input during web page generation, enabling attackers with elevated privileges to inject malicious scripts that are stored and later executed in the context of the web application. Affected versions include 23.10.0 before 23.10.28, 24.04.0 before 24.04.18, and 24.10.0 before 24.10.13. The vulnerability allows an attacker to execute arbitrary JavaScript in the victim's browser, potentially leading to session hijacking, credential theft, or unauthorized actions within the monitoring platform. The CVSS 3.1 score of 6.8 reflects medium severity; the vector indicates network attack vector (AV:N), low attack complexity (AC:L), high privileges required (PR:H), no user interaction (UI:N), scope changed (S:C), high confidentiality impact (C:H), and no integrity or availability impact. No known exploits are currently reported in the wild, but the vulnerability poses a risk, especially in environments where many users hold elevated privileges. Centreon Infra Monitoring is widely used for IT infrastructure and network monitoring, making this vulnerability relevant for organizations relying on this tool for operational continuity and security monitoring. The improper input neutralization indicates insufficient sanitization or encoding of user-supplied data before it is rendered in the web interface, a common vector for stored XSS attacks. This vulnerability could be exploited by malicious insiders or attackers who have gained elevated access, allowing them to implant persistent scripts that execute whenever affected pages are viewed by administrators or other privileged users.
Potential Impact
For European organizations, the impact of CVE-2025-54889 can be significant, particularly in sectors relying heavily on Centreon Infra Monitoring for critical infrastructure oversight, such as telecommunications, energy, finance, and government agencies. Successful exploitation could lead to unauthorized disclosure of sensitive monitoring data, session hijacking of privileged users, and potential lateral movement within the network. Although the vulnerability does not directly affect system integrity or availability, compromising confidentiality in monitoring systems can undermine trust in security alerts and operational data, delaying incident response and increasing risk exposure. The requirement for elevated privileges limits the attack surface but also highlights the importance of strict access controls. Given the interconnected nature of European IT infrastructure and regulatory requirements such as GDPR, any breach involving sensitive operational data could result in compliance violations and reputational damage. Additionally, attackers could leverage this vulnerability as a foothold for further attacks against critical infrastructure, making timely remediation essential.
Mitigation Recommendations
1. Apply the official patches released by Centreon for versions 23.10.28, 24.04.18, and 24.10.13 or later immediately to remediate the vulnerability.
2. Restrict elevated user privileges to the minimum necessary, enforcing the principle of least privilege to reduce the risk of exploitation.
3. Implement strict input validation and output encoding on all user-supplied data within the Centreon Infra Monitoring interface, especially in configuration modules handling SNMP traps.
4. Deploy Content Security Policy (CSP) headers to limit the execution of unauthorized scripts in the web application context.
5. Monitor logs and user activities for suspicious behavior indicative of attempted XSS exploitation or privilege misuse.
6. Conduct regular security assessments and penetration testing focused on web application vulnerabilities within monitoring tools.
7. Educate administrators and privileged users about the risks of stored XSS and safe handling of configuration inputs.
8. Consider network segmentation and additional access controls around monitoring infrastructure to limit exposure.
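The following is an added example, not Centreon code and not derived from the patched modules, that illustrates the stored-XSS pattern described in the technical summary and the output-encoding, input-validation and CSP recommendations above. It renders a constructed "manufacturer" configuration field two ways: concatenated straight into HTML (the CWE-79 pattern) and encoded for the text and double-quoted-attribute contexts with Python's standard html.escape. The field name, the sample values and the CSP policy are assumptions chosen for illustration; it generalizes the page's single case to the two HTML contexts a configuration table typically writes into.

```python
"""Added example (not Centreon code): contextual output encoding for a stored
configuration field, shown as an unsafe renderer beside a hardened one, plus
an input check and a restrictive Content-Security-Policy header.  The field
name "manufacturer" and the sample values below are constructed."""
from html import escape

# Constructed sample of what an elevated user might save into a config field.
# The markup variants are what output encoding must neutralise before render.
STORED_VALUES = {
    "clean": "Acme Networks",
    "markup": "<script>alert(document.cookie)</script>",
    "attr_break": '" onmouseover="alert(1)',
}


def render_row_unsafe(manufacturer: str) -> str:
    """Concatenates the stored value straight into HTML (the CWE-79 pattern):
    the value lands in a text node and in an attribute with no encoding."""
    return f'<tr><td title="{manufacturer}">{manufacturer}</td></tr>'


def render_row_safe(manufacturer: str) -> str:
    """Encodes for the HTML text context and the double-quoted attribute context.

    html.escape(quote=True) replaces & < > " and ', which is sufficient for a
    text node and for a double-quoted attribute value.  Unquoted attributes,
    JavaScript blocks and URL contexts need their own encoders (not shown).
    """
    encoded = escape(manufacturer, quote=True)
    return f'<tr><td title="{encoded}">{encoded}</td></tr>'


def looks_like_markup(value: str) -> bool:
    """Input-validation / monitoring helper: a vendor name has no legitimate
    need for angle brackets or quotes, so reject at save time or flag on review.
    Validation is defence in depth; output encoding remains the real fix."""
    return any(ch in value for ch in "<>\"'")


def csp_header() -> tuple[str, str]:
    """Response header that blocks inline script execution even where an
    encoding gap remains.  Assumes the UI loads all scripts as same-origin
    files; any legitimate inline script would need a nonce or hash source."""
    policy = (
        "default-src 'self'; "
        "script-src 'self'; "
        "object-src 'none'; "
        "base-uri 'self'; "
        "frame-ancestors 'none'"
    )
    return ("Content-Security-Policy", policy)


if __name__ == "__main__":
    for label, value in STORED_VALUES.items():
        print(f"[{label}] flagged_on_input={looks_like_markup(value)}")
        print("  unsafe:", render_row_unsafe(value))
        print("  safe:  ", render_row_safe(value))
    print(": ".join(csp_header()))
```

Running the script shows the "markup" value surviving intact in the unsafe row and becoming inert text in the safe one, and the "attr_break" value no longer terminating the title attribute once its quotes are encoded; the CSP header is the compensating control for any page where encoding is missed.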
Affected Countries
France, Germany, United Kingdom, Netherlands, Belgium, Italy, Spain, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: Centreon
- Date Reserved: 2025-07-31T18:22:28.419Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68ee65b283f5d4e8a43ff594
Added to database: 10/14/2025, 3:01:06 PM
Last enriched: 10/22/2025, 1:11:49 AM
Last updated: 12/3/2025, 1:49:46 AM