CVE-2025-54893: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Centreon Infra Monitoring
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hosts templates configuration modules) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28.
AI Analysis
Technical Summary
CVE-2025-54893 is a stored Cross-site Scripting (XSS) vulnerability classified under CWE-79, found in Centreon Infra Monitoring's Hosts templates configuration modules. This vulnerability arises due to improper neutralization of user input during web page generation, allowing malicious scripts to be stored and later executed in the browsers of users who access the affected pages. The flaw affects multiple versions: 23.10.0 before 23.10.28, 24.04.0 before 24.04.18, and 24.10.0 before 24.10.13. Exploitation requires an attacker to have elevated privileges within the system, such as administrative or configuration rights, to inject malicious payloads. Once injected, these scripts execute in the context of other users who view the compromised templates, potentially leading to session hijacking, theft of sensitive information, or unauthorized actions performed on behalf of the victim. The CVSS v3.1 score of 6.8 reflects a medium severity, with the vector indicating network attack vector (AV:N), low attack complexity (AC:L), high privileges required (PR:H), no user interaction (UI:N), and a scope change (S:C) with high confidentiality impact (C:H), but no impact on integrity (I:N) or availability (A:N). No public exploits have been reported yet, but the vulnerability's presence in widely used monitoring software makes it a significant risk if left unpatched. The vulnerability was publicly disclosed on October 14, 2025; the fix is included in releases 23.10.28, 24.04.18, and 24.10.13.
Potential Impact
For European organizations, this vulnerability poses a risk primarily to the confidentiality of sensitive monitoring data and user sessions. Centreon Infra Monitoring is widely used in IT infrastructure management, and a successful exploit could allow attackers to hijack sessions of privileged users or exfiltrate sensitive configuration details. This could lead to further compromise of network monitoring environments, potentially undermining the integrity of IT operations and incident response capabilities. Although the vulnerability does not directly affect system integrity or availability, the confidentiality breach could facilitate lateral movement or privilege escalation in targeted attacks. Organizations in sectors with critical infrastructure, finance, healthcare, and government are particularly at risk due to the sensitive nature of monitoring data and the elevated privileges required to exploit the flaw. The lack of user interaction needed for exploitation increases the risk of automated or stealthy attacks once an attacker gains elevated access.
Mitigation Recommendations
To mitigate CVE-2025-54893, European organizations should immediately apply the patches provided by Centreon for versions 23.10.28, 24.04.18, and 24.10.13 or later. Until patching is complete, restrict elevated privileges to trusted administrators only and implement strict access controls on the Hosts templates configuration modules. Employ web application firewalls (WAFs) with custom rules to detect and block suspicious input patterns indicative of XSS payloads. Conduct regular audits of user privileges and monitor logs for unusual configuration changes or script injections. Additionally, implement Content Security Policy (CSP) headers to reduce the impact of potential XSS attacks by restricting script execution sources. Educate administrators on the risks of stored XSS and enforce secure coding and input validation practices for any custom integrations with Centreon. Finally, maintain an incident response plan that includes monitoring for signs of exploitation and rapid remediation steps.
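The two technical controls named above, context-aware output encoding of stored template fields and a nonce-based Content Security Policy, together with a log check for configuration changes that carry markup, are illustrated below. This is an added example written for this page; it is not Centreon's code, the field name, HTML fragment and audit-log line format are hypothetical, and the log lines are constructed for the demonstration.

```python
import html
import re
from typing import Dict, Iterable, List

# Hypothetical rendering of a stored host-template name into an HTML table
# cell. Not Centreon's code: it shows the CWE-79 pattern the advisory
# describes (a stored value written into the page unescaped) next to its fix.

def render_template_row_vulnerable(template_name: str) -> str:
    """Writes the stored value straight into HTML: the CWE-79 pattern."""
    return f"<tr><td>{template_name}</td></tr>"


def render_template_row_fixed(template_name: str) -> str:
    """Encodes the value for an HTML text-node context before output."""
    return f"<tr><td>{html.escape(template_name, quote=True)}</td></tr>"


def csp_header(nonce: str) -> str:
    """Content-Security-Policy value allowing only scripts that carry the
    per-response nonce, so an injected inline script is not executed."""
    return (
        "default-src 'self'; "
        f"script-src 'self' 'nonce-{nonce}'; "
        "object-src 'none'; base-uri 'self'; frame-ancestors 'self'"
    )


# Detection over configuration audit-log lines: flag host-template changes
# whose stored name contains HTML markup or script-like content.
# The line format is constructed for this example, not Centreon's own.
LOG_RE = re.compile(
    r'^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) '
    r'id=(?P<id>\d+) name="(?P<name>[^"]*)"$'
)
MARKUP_RE = re.compile(r"<\s*/?\s*[a-zA-Z]|javascript:|\bon[a-z]+\s*=", re.IGNORECASE)


def suspicious_template_changes(log_lines: Iterable[str]) -> List[Dict[str, str]]:
    """Returns the host-template create/update events whose name field
    looks like markup. Coarse heuristic: meant to surface entries for
    review, not to replace output encoding."""
    findings = []
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m or not m.group("action").startswith("host_template_"):
            continue
        if MARKUP_RE.search(m.group("name")):
            findings.append({
                "ts": m.group("ts"),
                "user": m.group("user"),
                "id": m.group("id"),
                "name": m.group("name"),
            })
    return findings


# Constructed sample log lines (not real Centreon output).
SAMPLE_LOG = [
    '2025-10-14T10:02:11Z user=ops1 action=host_template_update id=12 name="Linux-Servers"',
    '2025-10-14T10:05:40Z user=admin action=host_template_create id=7 name="Web <script>probe</script>"',
    '2025-10-14T10:06:02Z user=ops1 action=host_template_update id=12 name="Linux-Servers-v2"',
    '2025-10-14T10:07:30Z user=admin action=host_update id=44 name="db01.example.test"',
]

if __name__ == "__main__":
    print(render_template_row_vulnerable("<b>Servers</b>"))
    print(render_template_row_fixed("<b>Servers</b>"))
    print(csp_header("r4nd0m"))
    for hit in suspicious_template_changes(SAMPLE_LOG):
        print("review:", hit)
```

The escaping function is the actual fix for the bug class; the CSP header limits what an injected script could do if another encoding gap is missed, and the log check gives operators a way to review template changes made by privileged accounts while the upgrade is pending.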
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Centreon
- Date Reserved: 2025-07-31T18:22:28.421Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 68ee702c75ce224a0426b914
Added to database: 10/14/2025, 3:45:48 PM
Last enriched: 10/22/2025, 1:12:39 AM
Last updated: 12/3/2025, 11:52:57 PM