
CVE-2025-54891: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Centreon Infra Monitoring

Severity: Medium
Published: Tue Oct 14 2025 (10/14/2025, 15:07:01 UTC)
Source: CVE Database V5
Vendor/Project: Centreon
Product: Infra Monitoring

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (ACL Resource access configuration modules) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28.

AI-Powered Analysis

Last updated: 10/14/2025, 15:23:08 UTC

Technical Analysis

CVE-2025-54891 is a stored cross-site scripting (XSS) vulnerability, classified under CWE-79, in the ACL Resource access configuration modules of Centreon Infra Monitoring. It arises from improper neutralization of user-supplied input during web page generation: a user with elevated privileges can inject script into a configuration value, which is then stored and rendered without adequate encoding. When other users open the affected pages, the injected script executes in their browsers, potentially leading to unauthorized disclosure of sensitive information, session hijacking, or other client-side attacks. Affected versions are 23.10.0 before 23.10.28, 24.04.0 before 24.04.18, and 24.10.0 before 24.10.13. The CVSS 3.1 base score is 6.8 (medium), with a vector indicating network attack vector, low attack complexity, privileges required, no user interaction, and a changed scope. The vulnerability has a significant confidentiality impact but no impact on integrity or availability. No public exploits have been reported, and no official patches are linked in this record, though vendors typically release updates addressing such issues. Exploitation requires elevated privileges, so an attacker must first compromise or legitimately hold a privileged account; the stored nature of the XSS nonetheless raises the risk, because a single injected payload persists and affects every user who views the page. The flaw underlines the importance of proper input validation and output encoding in web applications, especially in administrative modules that control access and configuration.
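As an added example (not Centreon's or the advisory's code), the check below encodes the three affected ranges stated above so that a version inventory can be screened for CVE-2025-54891; the accepted version-string format is an assumption.

```python
"""Affected-version check for CVE-2025-54891 (Centreon Infra Monitoring).
Added example, not Centreon's or the advisory's code: the three ranges come
from the CVE description; the accepted version-string format is an assumption.
"""
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# (first affected, first fixed) per release branch, as stated in the description.
AFFECTED_RANGES: dict[str, tuple[Version, Version]] = {
    "23.10": ((23, 10, 0), (23, 10, 28)),
    "24.04": ((24, 4, 0), (24, 4, 18)),
    "24.10": ((24, 10, 0), (24, 10, 13)),
}

_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?\s*$")

def parse_version(text: str) -> Version:
    """Parse 'MAJOR.MINOR[.PATCH]' such as '24.04.5'; a missing patch means .0."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))

def _branch(v: Version) -> str:
    return f"{v[0]}.{v[1]:02d}"  # (24, 4, x) -> "24.04", Centreon's branch naming

def is_affected(version: str) -> bool:
    """True if the version lies in an advisory range (first affected <= v < fixed).
    Branches the advisory does not list (e.g. 22.10 or 25.x) return False."""
    v = parse_version(version)
    rng = AFFECTED_RANGES.get(_branch(v))
    if rng is None:
        return False
    lo, hi = rng
    return lo <= v < hi

def fixed_version_for(version: str) -> Optional[str]:
    """First fixed release on the same branch, or None when not affected."""
    if not is_affected(version):
        return None
    hi = AFFECTED_RANGES[_branch(parse_version(version))][1]
    return f"{hi[0]}.{hi[1]:02d}.{hi[2]}"

if __name__ == "__main__":
    for v in ("24.10.12", "24.10.13", "23.10.5"):  # constructed sample inventory
        print(v, "affected" if is_affected(v) else "not affected", fixed_version_for(v))
```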

Potential Impact

For European organizations, the impact of CVE-2025-54891 can be significant, especially for those relying on Centreon Infra Monitoring for critical infrastructure monitoring and management. The vulnerability allows attackers with elevated privileges to inject persistent malicious scripts, potentially leading to unauthorized access to sensitive monitoring data, leakage of credentials or session tokens, and further lateral movement within the network. Confidentiality is the primary concern, as attackers could exfiltrate sensitive operational data or manipulate user sessions. Although integrity and availability are not directly impacted, the compromise of privileged accounts could indirectly lead to further attacks affecting system stability or data integrity. Organizations in sectors such as energy, telecommunications, finance, and government, which often use infrastructure monitoring tools, could face operational risks and regulatory compliance issues under GDPR if sensitive data is exposed. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially given the medium CVSS score and the critical role of the affected software in infrastructure monitoring.

Mitigation Recommendations

European organizations should take proactive steps to mitigate this vulnerability. First, monitor Centreon's official channels for patches addressing CVE-2025-54891 and apply updates promptly once available. Until patches are released, restrict access to the ACL Resource access configuration modules to the minimum number of trusted administrators and enforce strong authentication mechanisms, such as multi-factor authentication (MFA). Implement strict input validation and output encoding on all user-supplied data within the monitoring interface, especially in administrative modules, to prevent script injection. Conduct regular security audits and penetration testing focused on web application vulnerabilities in Centreon Infra Monitoring. Employ web application firewalls (WAFs) with custom rules to detect and block suspicious script injection attempts. Additionally, monitor logs for unusual activity from privileged users that could indicate exploitation attempts. Educate administrators about the risks of XSS and the importance of cautious handling of input fields. Finally, consider network segmentation to limit the exposure of the monitoring system to only necessary internal networks.


Technical Details

Data Version: 5.1
Assigner Short Name: Centreon
Date Reserved: 2025-07-31T18:22:28.420Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68ee69461b3029e3c7d96f92

Added to database: 10/14/2025, 3:16:22 PM

Last enriched: 10/14/2025, 3:23:08 PM

Last updated: 10/16/2025, 12:23:14 AM