
CVE-2025-8428: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Centreon Infra Monitoring

Severity: Medium
Tags: Vulnerability, CVE-2025-8428, CWE-79
Published: Tue Oct 14 2025 (10/14/2025, 14:22:03 UTC)
Source: CVE Database V5
Vendor/Project: Centreon
Product: Infra Monitoring

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (HTTP Loader widget modules) allows Stored XSS. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28.

AI-Powered Analysis

AI analysis last updated: 10/14/2025, 14:47:35 UTC

Technical Analysis

CVE-2025-8428 is a stored Cross-site Scripting (XSS) vulnerability classified under CWE-79, affecting Centreon Infra Monitoring's HTTP Loader widget modules. The flaw stems from improper neutralization of user-supplied input during web page generation, which allows malicious scripts to be stored and later executed in the browsers of users who view the affected pages. This vulnerability impacts Centreon Infra Monitoring versions 23.10.0 before 23.10.28, 24.04.0 before 24.04.18, and 24.10.0 before 24.10.13. The attack vector is network-based (AV:N), requires low attack complexity (AC:L), and low privileges (PR:L), but does require user interaction (UI:R). The scope is changed (S:C), meaning the vulnerability can affect resources beyond the vulnerable component. The impact is primarily on confidentiality (C:H), with no impact on integrity (I:N) or availability (A:N). An attacker with legitimate access to the monitoring system could inject malicious JavaScript code into HTTP Loader widgets, which would then execute in the context of other users accessing the monitoring interface. This could lead to session hijacking, theft of sensitive monitoring data, or other malicious actions performed on behalf of the victim user. No public exploits have been reported yet, but the presence of stored XSS in a monitoring platform used in enterprise environments poses a significant risk if exploited. The vulnerability was reserved on July 31, 2025, and published on October 14, 2025. Centreon has not yet provided patch links, but users should expect updates to address this issue promptly.

Potential Impact

For European organizations, the impact of CVE-2025-8428 can be significant, especially for those relying on Centreon Infra Monitoring for critical infrastructure and IT operations monitoring. Exploitation could lead to unauthorized disclosure of sensitive monitoring data, including system statuses, network configurations, and potentially credentials or tokens stored or accessible via the monitoring interface. This could facilitate further attacks such as lateral movement or targeted intrusions. The confidentiality breach could undermine trust in monitoring data integrity, complicate incident response, and expose organizations to regulatory penalties under GDPR if personal data is involved. Although the vulnerability does not affect system integrity or availability directly, the indirect consequences of compromised monitoring systems could disrupt operational awareness and delay detection of other attacks. The requirement for low privileges and user interaction lowers the barrier for exploitation within organizations where multiple users access the monitoring platform, increasing the risk of insider threats or phishing-assisted attacks.

Mitigation Recommendations

European organizations should implement the following specific mitigations:

1) Monitor Centreon's official channels closely for the release of security patches addressing CVE-2025-8428 and apply them immediately upon availability.
2) Until patches are applied, restrict access to the Centreon Infra Monitoring interface to trusted users and networks, employing network segmentation and VPNs where possible.
3) Implement strict input validation and sanitization on any user-supplied data fields within the monitoring platform, if customization or scripting is allowed.
4) Deploy Content Security Policy (CSP) headers to limit the execution of unauthorized scripts within the monitoring web interface.
5) Educate users about the risks of clicking on suspicious links or interacting with untrusted content within the monitoring environment.
6) Conduct regular security audits and penetration testing focused on web application vulnerabilities in the monitoring infrastructure.
7) Monitor logs and user activity for signs of anomalous behavior that could indicate exploitation attempts.
8) Consider multi-factor authentication (MFA) for accessing the monitoring platform to reduce the risk of compromised credentials being leveraged.
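The stored-XSS mechanism described in the Technical Analysis (a widget parameter saved by one user and rendered unencoded into pages viewed by others) and mitigations 3, 4 and 7 above can be illustrated together. The following Python is an added example written for this page; it is not Centreon code and does not reflect how the HTTP Loader widget actually stores or renders its fields. The widget parameter names (`title`, `url`), the sample records, the URL-scheme allowlist, the CSP policy and the suspicious-content pattern are all assumptions chosen for illustration.

```python
"""Added example (not Centreon code): context-aware output encoding, a URL
allowlist and a nonce-based CSP header as defences against stored XSS in a
widget field, plus a simple audit check over stored records. All field names,
sample values and the policy below are assumptions for illustration."""
import html
import re
import secrets
from urllib.parse import urlparse

# Constructed sample of stored widget parameters, as two different operators
# might have saved them. The second record carries script content of the kind
# the encoding step must neutralise before it reaches another user's browser.
SAMPLE_WIDGET_PARAMS = [
    {"title": "Core switches", "url": "https://intranet.example/status"},
    {"title": "<script>alert(1)</script>", "url": "javascript:alert(1)"},
]


def encode_for_html_body(value: str) -> str:
    """Escape a stored value before interpolating it into HTML text or a quoted attribute."""
    return html.escape(value, quote=True)


def safe_loader_url(value: str) -> str:
    """Allow only absolute http(s) URLs for the loader target; anything else becomes empty.

    Encoding alone does not stop a javascript: URL from being followed, so the
    scheme is checked separately (assumed allowlist, not Centreon's logic)."""
    candidate = value.strip()
    parsed = urlparse(candidate)
    if parsed.scheme in ("http", "https") and parsed.netloc:
        return candidate
    return ""


def render_widget(params: dict) -> str:
    """Build the widget's HTML with every stored field encoded for its output context."""
    title = encode_for_html_body(params["title"])
    url = encode_for_html_body(safe_loader_url(params["url"]))
    return f'<div class="http-loader" data-url="{url}"><h3>{title}</h3></div>'


def new_nonce() -> str:
    """Fresh per-response nonce so only server-emitted inline scripts may run."""
    return secrets.token_urlsafe(16)


def build_csp_header(nonce: str) -> str:
    """CSP value that blocks inline and third-party scripts except nonce-tagged ones (mitigation 4)."""
    return (
        "default-src 'self'; "
        f"script-src 'self' 'nonce-{nonce}'; "
        "object-src 'none'; base-uri 'self'; frame-ancestors 'self'"
    )


# Assumed detection pattern for an audit of stored widget configuration (mitigation 7).
SUSPICIOUS = re.compile(r"<\s*script|javascript:|\bon\w+\s*=", re.IGNORECASE)


def flag_suspicious_params(records) -> list:
    """Return indices of stored records whose fields look like injection attempts."""
    return [
        i for i, rec in enumerate(records)
        if any(SUSPICIOUS.search(str(v)) for v in rec.values())
    ]


if __name__ == "__main__":
    print("Content-Security-Policy:", build_csp_header(new_nonce()))
    for rec in SAMPLE_WIDGET_PARAMS:
        print(render_widget(rec))
    print("suspicious stored records:", flag_suspicious_params(SAMPLE_WIDGET_PARAMS))
```

Running the block shows the second record rendered as inert text (`&lt;script&gt;...`) with an empty `data-url`, and the audit function flagging only that record. The CSP header is defence in depth: it limits what an injected script can do if an encoding gap is ever missed, but it does not replace encoding at the point of output.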


Technical Details

Data Version: 5.1
Assigner Short Name: Centreon
Date Reserved: 2025-07-31T18:23:59.321Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68ee5f184c738d5ce3163a21

Added to database: 10/14/2025, 2:32:56 PM

Last enriched: 10/14/2025, 2:47:35 PM

Last updated: 10/16/2025, 12:23:38 AM

