CVE-2025-54890 is a stored Cross-site Scripting (XSS) vulnerability classified under CWE-79, affecting Centreon Infra Monitoring versions from 23.10.0 before 23.10.29, 24.04.0 before 24.04.19, and 24.10.0 before 24.10.15. The flaw exists in the Hostgroup configuration page where user input is improperly sanitized during web page generation, allowing malicious scripts to be stored and executed in the context of the web application. This vulnerability requires the attacker to have elevated privileges within the Centreon Infra Monitoring system, which typically means administrative or similar high-level access. The CVSS 3.1 score of 6.8 reflects a medium severity, with the vector indicating network attack vector (AV:N), low attack complexity (AC:L), high privileges required (PR:H), no user interaction (UI:N), and a scope change (S:C). The impact is high on confidentiality (C:H) but none on integrity (I:N) or availability (A:N). Exploiting this vulnerability could allow an attacker to execute arbitrary scripts in the victim’s browser, potentially leading to session hijacking, theft of sensitive monitoring data, or further internal attacks leveraging the victim’s authenticated session. No public exploits have been reported yet, but the vulnerability is publicly disclosed and patches are available in newer versions. The vulnerability is particularly concerning in environments where Centreon Infra Monitoring is used to oversee critical infrastructure or sensitive network environments.

For European organizations, the impact of CVE-2025-54890 can be significant, especially for those relying on Centreon Infra Monitoring for critical infrastructure or enterprise network monitoring. Successful exploitation could lead to unauthorized disclosure of sensitive monitoring data, including system statuses, network topologies, and potentially credentials or tokens stored in the web session. This could facilitate further lateral movement or targeted attacks within the network. The confidentiality breach could undermine trust in monitoring data integrity, complicate incident response, and expose organizations to compliance violations under regulations like GDPR if personal or sensitive data is indirectly exposed. Since the vulnerability requires elevated privileges, the risk is somewhat mitigated by internal access controls, but insider threats or compromised privileged accounts remain a concern. The lack of impact on availability means service disruption is unlikely, but the confidentiality impact alone justifies urgent remediation.

To mitigate CVE-2025-54890, European organizations should immediately upgrade Centreon Infra Monitoring to the fixed versions 24.10.15, 24.04.19, or 23.10.29 or later. Until patches are applied, restrict elevated user access to trusted personnel only and monitor for unusual activity on the Hostgroup configuration page. Implement strict input validation and sanitization on all user inputs, particularly those that affect web page generation, to prevent script injection. Deploy Content Security Policies (CSP) to limit the execution of unauthorized scripts in the web application context. Conduct regular audits of user privileges and session management to detect potential abuse. Network segmentation and multi-factor authentication for administrative access can reduce the risk of privilege escalation. Finally, monitor Centreon logs and network traffic for signs of exploitation attempts or anomalous behavior.