CVE-2025-54891: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Centreon Infra Monitoring
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (ACL Resource access configuration modules) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28.
AI Analysis
Technical Summary
CVE-2025-54891 is a stored Cross-site Scripting (XSS) vulnerability classified under CWE-79 that affects the Centreon Infra Monitoring product, specifically within the ACL Resource access configuration modules. The vulnerability allows users with elevated privileges to inject malicious scripts into web pages generated by the application. These scripts are stored persistently and executed when other users access the affected pages, potentially leading to session hijacking, credential theft, or unauthorized actions performed in the context of the victim's session. The affected versions include 23.10.0 before 23.10.28, 24.04.0 before 24.04.18, and 24.10.0 before 24.10.13. The CVSS 3.1 score of 6.8 reflects a medium severity with a vector indicating that the attack can be launched remotely over the network (AV:N), requires low attack complexity (AC:L), but needs high privileges (PR:H) and no user interaction (UI:N). The scope is changed (S:C), meaning the vulnerability affects resources beyond the initially vulnerable component. The vulnerability impacts confidentiality (C:H) but not integrity or availability. No public exploits have been reported yet, but the presence of stored XSS in a monitoring tool used in critical infrastructure environments elevates the risk profile. The vulnerability was reserved in July 2025 and published in October 2025. Centreon Infra Monitoring is widely used in enterprise and industrial environments for infrastructure monitoring, making this vulnerability relevant for organizations relying on this software for operational visibility and control.
Potential Impact
The primary impact of CVE-2025-54891 is on the confidentiality of data within affected Centreon Infra Monitoring deployments. Successful exploitation could allow attackers to execute arbitrary scripts in the context of other users, potentially leading to session hijacking, theft of authentication tokens, or unauthorized access to sensitive monitoring data. Since the vulnerability requires elevated privileges to inject the malicious payload, the initial attacker must have some level of trusted access, but the stored nature of the XSS means that less privileged users or administrators could be targeted indirectly. For European organizations, especially those in critical infrastructure sectors such as energy, telecommunications, and manufacturing that rely on Centreon for monitoring, this could lead to exposure of sensitive operational data or facilitate further lateral movement within networks. The medium severity score reflects that while the vulnerability does not directly impact system integrity or availability, the confidentiality breach could have significant operational and compliance consequences, including GDPR violations if personal data is exposed. The lack of known exploits in the wild reduces immediate risk but does not eliminate the threat, especially given the strategic importance of monitoring tools in enterprise environments.
Mitigation Recommendations
To mitigate CVE-2025-54891, European organizations should prioritize upgrading Centreon Infra Monitoring to a fixed release of their branch: 23.10.28, 24.04.18 or 24.10.13, or any later version. Until the patch is applied, enforce strict access controls so that as few accounts as possible hold the elevated privileges needed to edit ACL Resource access configuration, since those are the accounts able to store a malicious payload. A Web Application Firewall (WAF) with rules that detect and block XSS payloads aimed at the Centreon interface can provide temporary protection. Regularly audit user permissions and monitor logs for unexpected changes in the ACL Resource access configuration modules. Deploy Content Security Policy (CSP) headers that disallow inline and untrusted scripts, which limits what an injected script can do even if it reaches the page. Additionally, train administrators to recognize and avoid risky behaviors that could lead to exploitation. Finally, maintain an incident response plan that covers detection of XSS exploitation and rapid remediation.
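The three controls above (neutralising stored values at render time, a restrictive CSP as a compensating control, and log review for suspicious configuration changes) are shown together in the following added example. It is illustrative code written for this page, not Centreon's code: the field names, the audit-log format and the sample resource names are constructed assumptions, and the rendering functions stand in for whatever template layer the real product uses.

```python
# Added example (not Centreon's code): defensive handling of a stored
# configuration value that is later written into a web page (CWE-79).
#   1. render_safe()   neutralises the value for an HTML text context,
#   2. build_csp_header() emits a nonce-based Content-Security-Policy,
#   3. suspicious_config_changes() flags config-change log lines whose
#      saved value carries markup characters.
# Field names, log format and sample values are assumptions made for
# illustration; nothing here is taken from Centreon.
import html
import re
import secrets
from typing import Dict, List, Optional

# Constructed sample of stored ACL resource names; the second one carries markup.
SAMPLE_ACL_RESOURCES: Dict[str, str] = {
    "res-1": "Linux servers (prod)",
    "res-2": "<script>alert(1)</script>",
}

# Markup a browser would execute if it reached the page unescaped.
ACTIVE_MARKUP = re.compile(
    r"<\s*script|<\s*\w+[^>]*\son\w+\s*=|javascript\s*:", re.IGNORECASE
)


def contains_active_markup(fragment: str) -> bool:
    """True if the HTML fragment still contains executable markup."""
    return ACTIVE_MARKUP.search(fragment) is not None


def render_unsafe(name: str) -> str:
    """The CWE-79 pattern: a stored value dropped into HTML as-is."""
    return f"<td>{name}</td>"


def render_safe(name: str) -> str:
    """Same table cell with the value neutralised for an HTML text context."""
    return f"<td>{html.escape(name, quote=True)}</td>"


def render_table(resources: Dict[str, str], safe: bool = True) -> str:
    """Render the resource list either the vulnerable or the hardened way."""
    cell = render_safe if safe else render_unsafe
    rows = [
        f"<tr><td>{html.escape(rid)}</td>{cell(name)}</tr>"
        for rid, name in resources.items()
    ]
    return "<table>" + "".join(rows) + "</table>"


def build_csp_header(nonce: str) -> str:
    """Restrictive CSP: scripts only from the site itself or carrying the
    per-response nonce; no inline handlers, no plugins, no cross-site framing."""
    return "; ".join([
        "default-src 'self'",
        f"script-src 'self' 'nonce-{nonce}'",
        "object-src 'none'",
        "base-uri 'self'",
        "frame-ancestors 'self'",
    ])


def secure_headers(nonce: Optional[str] = None) -> Dict[str, str]:
    """Response headers to send with every page; a fresh nonce per response."""
    nonce = nonce or secrets.token_urlsafe(16)
    return {
        "Content-Security-Policy": build_csp_header(nonce),
        "X-Content-Type-Options": "nosniff",
    }


# Constructed audit-log lines in an assumed key=value format.
SAMPLE_AUDIT_LOG: List[str] = [
    '2025-10-14T15:16:22Z user=admin action=acl_resource_update id=res-1 value="Linux servers (prod)"',
    '2025-10-14T15:17:05Z user=admin action=acl_resource_update id=res-2 value="<script>alert(1)</script>"',
    '2025-10-14T15:18:40Z user=ops action=login result=ok',
]

VALUE_FIELD = re.compile(r'value="(.*)"\s*$')


def suspicious_config_changes(lines: List[str]) -> List[str]:
    """Return configuration-change lines whose saved value contains markup
    characters, which a legitimate resource name has no reason to carry."""
    flagged: List[str] = []
    for line in lines:
        if "action=acl_resource_update" not in line:
            continue
        match = VALUE_FIELD.search(line)
        if match and re.search(r"[<>]|javascript\s*:", match.group(1), re.IGNORECASE):
            flagged.append(line)
    return flagged


if __name__ == "__main__":
    print(render_table(SAMPLE_ACL_RESOURCES, safe=False))  # markup survives
    print(render_table(SAMPLE_ACL_RESOURCES, safe=True))   # markup neutralised
    print(secure_headers()["Content-Security-Policy"])
    for line in suspicious_config_changes(SAMPLE_AUDIT_LOG):
        print("FLAG:", line)
```

The escaping in `render_safe` is the actual fix for the weakness class; the CSP only limits what an injected script can reach and must not be relied on alone. The log check is deliberately simple: any angle bracket in a saved resource name is worth a look, regardless of whether it forms a working payload.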
Affected Countries
France, Germany, United Kingdom, Netherlands, Belgium, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Centreon
- Date Reserved: 2025-07-31T18:22:28.420Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68ee69461b3029e3c7d96f92
Added to database: 10/14/2025, 3:16:22 PM
Last enriched: 10/22/2025, 1:12:09 AM
Last updated: 12/3/2025, 7:58:46 AM