
CVE-2025-54892: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Centreon Infra Monitoring

Severity: Medium
Published: Tue Oct 14 2025 (10/14/2025, 14:59:10 UTC)
Source: CVE Database V5
Vendor/Project: Centreon
Product: Infra Monitoring

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (SNMP traps group configuration modules) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28.

AI-Powered Analysis

Last updated: 10/14/2025, 15:24:49 UTC

Technical Analysis

CVE-2025-54892 is a stored Cross-site Scripting (XSS) vulnerability classified under CWE-79, found in Centreon Infra Monitoring's SNMP traps group configuration modules. This vulnerability arises from improper neutralization of input during web page generation, allowing malicious scripts injected by users with elevated privileges to be stored and executed in the browser context of other users who access the affected interface. The affected versions include 23.10.0 before 23.10.28, 24.04.0 before 24.04.18, and 24.10.0 before 24.10.13. The vulnerability's CVSS 3.1 base score is 6.8, reflecting a medium severity level, with the vector indicating network attack vector (AV:N), low attack complexity (AC:L), high privileges required (PR:H), no user interaction (UI:N), and a scope change (S:C). The impact is high on confidentiality, as attackers could potentially steal sensitive session tokens or other confidential data accessible via the web interface, but there is no direct impact on integrity or availability. Exploitation requires an attacker to have elevated privileges, which limits the attack surface but still poses a significant risk if such accounts are compromised or misused. No known public exploits have been reported yet, but the vulnerability's presence in critical monitoring infrastructure software makes it a notable risk. The vulnerability affects the web interface components responsible for SNMP trap group configurations, which are commonly used in network and infrastructure monitoring setups. Attackers leveraging this vulnerability could execute arbitrary JavaScript in the context of legitimate users, potentially leading to session hijacking, data theft, or further internal network compromise.

Potential Impact

For European organizations, the impact of CVE-2025-54892 can be significant, especially for those relying on Centreon Infra Monitoring to oversee critical infrastructure, telecommunications, energy grids, or large enterprise networks. The vulnerability allows attackers with elevated privileges to inject persistent malicious scripts, which can lead to unauthorized disclosure of sensitive monitoring data, session hijacking, or lateral movement within the network. Since Centreon is widely used in Europe for IT and network infrastructure monitoring, exploitation could undermine trust in monitoring data and disrupt incident response capabilities. Confidentiality breaches could expose sensitive operational details or credentials. Although the vulnerability does not directly affect system integrity or availability, the indirect consequences of compromised monitoring systems could be severe, including delayed detection of other attacks or misconfiguration. The requirement for elevated privileges reduces the likelihood of external attackers exploiting this flaw directly but raises concerns about insider threats or compromised privileged accounts. Organizations in sectors with stringent regulatory requirements for data protection and operational security, such as finance, healthcare, and critical infrastructure, face increased compliance risks if this vulnerability is exploited.

Mitigation Recommendations

To mitigate CVE-2025-54892 effectively, European organizations should:

1) Immediately apply the official patches released by Centreon for versions 23.10.28, 24.04.18, and 24.10.13 or later to remediate the vulnerability.
2) Restrict elevated user privileges strictly to trusted administrators and implement strong authentication mechanisms such as multi-factor authentication (MFA) to reduce the risk of privilege misuse or compromise.
3) Conduct regular audits of user accounts with elevated privileges and monitor for unusual activities related to SNMP trap group configurations.
4) Employ web application firewalls (WAFs) with custom rules to detect and block suspicious input patterns targeting the affected modules.
5) Implement Content Security Policy (CSP) headers on the Centreon web interface to limit the impact of potential XSS payloads by restricting script execution sources.
6) Educate administrators about the risks of stored XSS and encourage safe handling of configuration inputs.
7) Monitor Centreon logs and network traffic for signs of exploitation attempts or anomalous behavior.
8) Consider network segmentation to isolate monitoring infrastructure from less trusted network zones, limiting exposure if an account is compromised.
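The following is an added illustration of the defect class described in the Technical Analysis and of mitigation items 3 and 5 above; it is not Centreon code (Centreon is written in PHP, and its actual SNMP trap group templates are not shown on this page). It assumes a hypothetical page that echoes a stored trap-group name into an HTML table cell, and contrasts the CWE-79 pattern (raw interpolation) with context-aware output encoding, adds a heuristic audit of stored configuration values, and builds a CSP header. The function names, the sample trap-group names, and the CSP policy are all constructed for this example.

```python
import html
import re

# Constructed sample values an elevated user might save as SNMP trap-group names.
# The second one carries a harmless script tag purely to show the rendering difference.
CLEAN_NAME = "Core routers"
TAINTED_NAME = "Core routers<script>alert(1)</script>"


def render_vulnerable(group_name: str) -> str:
    """CWE-79 pattern: the stored value is interpolated into HTML untouched,
    so any markup in it becomes live markup for every user who views the page."""
    return f"<td>{group_name}</td>"


def render_hardened(group_name: str) -> str:
    """Context-aware output encoding for an HTML text node: '<', '>', '&', and
    quotes are converted to entities, so the browser shows the name as literal text."""
    return f"<td>{html.escape(group_name, quote=True)}</td>"


# Heuristic used by the audit below: angle brackets, inline event handlers, or
# javascript: URLs have no business in a trap-group name (assumption for this example).
_SUSPICIOUS = re.compile(r"<|>|\bon\w+\s*=|javascript:", re.IGNORECASE)


def audit_trap_group_names(names: list[str]) -> list[str]:
    """Mitigation item 3: flag stored configuration values that contain HTML-active
    characters so an administrator can review who saved them and when."""
    return [name for name in names if _SUSPICIOUS.search(name)]


def build_csp_header() -> tuple[str, str]:
    """Mitigation item 5: a restrictive baseline CSP for the monitoring web UI.
    The policy is an assumption for this example; a real deployment must be tested
    against the application's own script and style requirements before rollout."""
    policy = "; ".join(
        [
            "default-src 'self'",
            "script-src 'self'",   # no inline or third-party script execution
            "object-src 'none'",
            "base-uri 'self'",
            "frame-ancestors 'self'",
        ]
    )
    return ("Content-Security-Policy", policy)


if __name__ == "__main__":
    print("vulnerable:", render_vulnerable(TAINTED_NAME))
    print("hardened:  ", render_hardened(TAINTED_NAME))
    print("flagged:   ", audit_trap_group_names([CLEAN_NAME, TAINTED_NAME]))
    print("header:    ", ": ".join(build_csp_header()))
```

The hardened renderer is the actual fix for this defect class; the CSP header and the audit are defence-in-depth for the window between disclosure and patching, and the audit heuristic will produce false positives on legitimately unusual names, so treat its output as a review queue rather than an alert.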


Technical Details

Data Version
5.1
Assigner Short Name
Centreon
Date Reserved
2025-07-31T18:22:28.420Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 68ee69461b3029e3c7d96f9a

Added to database: 10/14/2025, 3:16:22 PM

Last enriched: 10/14/2025, 3:24:49 PM

Last updated: 10/16/2025, 12:23:14 AM

