
CVE-2025-54892: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Centreon Infra Monitoring

Severity: Medium
Published: Tue Oct 14 2025 (10/14/2025, 14:59:10 UTC)
Source: CVE Database V5
Vendor/Project: Centreon
Product: Infra Monitoring

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (SNMP traps group configuration modules) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28.

AI-Powered Analysis

Last updated: 10/22/2025, 01:12:25 UTC

Technical Analysis

CVE-2025-54892 is a stored Cross-site Scripting (XSS) vulnerability classified under CWE-79, found in Centreon Infra Monitoring's SNMP traps group configuration modules. The vulnerability arises from improper neutralization of input during web page generation, allowing malicious scripts submitted by users with elevated privileges to be stored and subsequently executed in the browsers of other users who view the affected pages. This flaw affects Centreon Infra Monitoring versions from 23.10.0 before 23.10.28, 24.04.0 before 24.04.18, and 24.10.0 before 24.10.13. The CVSS v3.1 score is 6.8, indicating medium severity, with an attack vector of network (remote exploitation possible), low attack complexity, and requiring privileges but no user interaction. The vulnerability's impact is primarily on confidentiality, as the injected scripts could potentially steal session tokens or sensitive information from other users with access to the monitoring interface. Integrity and availability are not directly impacted. The vulnerability is particularly concerning in environments where multiple administrators or operators access the monitoring system, as a compromised privileged user could inject scripts that affect others. No public exploits have been reported yet, but the presence of stored XSS in a critical infrastructure monitoring tool poses a significant risk if weaponized. The vulnerability was publicly disclosed on October 14, 2025, with no patch links provided in the data, indicating that users should verify with Centreon for the latest updates and patches.

Potential Impact

For European organizations, the impact of CVE-2025-54892 can be significant, especially in sectors relying heavily on Centreon Infra Monitoring for critical infrastructure and network health monitoring. The stored XSS vulnerability allows attackers with elevated privileges to execute malicious scripts in the context of other users, potentially leading to unauthorized disclosure of sensitive monitoring data, session hijacking, or further lateral movement within the network. Confidentiality breaches could expose sensitive operational data or credentials, undermining trust and compliance with data protection regulations such as GDPR. Although integrity and availability are not directly affected, the compromise of privileged accounts could facilitate further attacks. Organizations with multiple administrators or operators accessing the monitoring system are at higher risk. The lack of known exploits reduces immediate threat but does not eliminate the risk of targeted attacks. The vulnerability could also be leveraged in supply chain attacks or insider threat scenarios, increasing the potential impact on European critical infrastructure and enterprise networks.

Mitigation Recommendations

European organizations should take the following specific mitigation steps:
1) Immediately verify and apply the latest Centreon Infra Monitoring patches or updates that address CVE-2025-54892 as soon as they become available.
2) Restrict and audit privileged user access to the SNMP traps group configuration modules to minimize the risk of malicious input injection.
3) Implement strict input validation and output encoding on all user-supplied data fields within the monitoring interface, especially those related to SNMP trap configurations.
4) Employ Content Security Policy (CSP) headers to reduce the impact of potential XSS exploitation.
5) Conduct regular security training and awareness for administrators to recognize and avoid introducing malicious scripts.
6) Monitor logs and user activities for unusual behavior indicative of exploitation attempts.
7) Consider network segmentation and multi-factor authentication for access to the monitoring system to limit exposure.
8) Engage with Centreon support or security advisories to stay informed about patches and mitigation guidance.
These steps go beyond generic advice by focusing on access control, secure coding practices, and proactive monitoring tailored to the affected modules and user roles.
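To support step 1, the following is an added example (not Centreon tooling and not code from this advisory) that checks an installed Infra Monitoring version string against the three affected ranges stated above; the function names and the command-line wrapper are assumptions.

```python
"""Check a Centreon Infra Monitoring version against the affected ranges
for CVE-2025-54892 as stated in the advisory: 24.10.0 before 24.10.13,
24.04.0 before 24.04.18, 23.10.0 before 23.10.28.
Hypothetical helper written for this page, not Centreon code."""
from typing import Optional, Tuple

# (first affected, first fixed) per release branch, taken from the advisory text.
# Branches not listed here are outside the advisory's stated scope; this
# script does not certify them as safe, it only reports "not in a listed range".
AFFECTED_RANGES = (
    ((24, 10, 0), (24, 10, 13)),
    ((24, 4, 0), (24, 4, 18)),
    ((23, 10, 0), (23, 10, 28)),
)


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '24.04.5' into (24, 4, 5); a two-part string gets a trailing 0."""
    parts = text.strip().split(".")
    if not 2 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (3 - len(nums))


def is_affected(version: str) -> Optional[Tuple[int, ...]]:
    """Return the first fixed version of the matching branch if `version`
    falls inside an affected range, otherwise None."""
    v = parse_version(version)
    for first_affected, first_fixed in AFFECTED_RANGES:
        # Only compare within the same major.minor branch, then check
        # first_affected <= v < first_fixed (the fixed release itself is clean).
        if v[:2] == first_affected[:2] and first_affected <= v < first_fixed:
            return first_fixed
    return None


if __name__ == "__main__":
    import sys

    for arg in sys.argv[1:] or ["24.10.5"]:  # "24.10.5" is a constructed sample
        fixed = is_affected(arg)
        if fixed:
            print(f"{arg}: affected, upgrade to {'.'.join(map(str, fixed))} or later")
        else:
            print(f"{arg}: not in a range listed for CVE-2025-54892")
```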


Technical Details

Data Version
5.1
Assigner Short Name
Centreon
Date Reserved
2025-07-31T18:22:28.420Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 68ee69461b3029e3c7d96f9a

Added to database: 10/14/2025, 3:16:22 PM

Last enriched: 10/22/2025, 1:12:25 AM

Last updated: 12/3/2025, 1:14:02 AM

