
CVE-2025-8429: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Centreon Infra Monitoring

Medium
Type: Vulnerability | Tags: cve-2025-8429, cwe-79
Published: Tue Oct 14 2025 (10/14/2025, 15:29:56 UTC)
Source: CVE Database V5
Vendor/Project: Centreon
Product: Infra Monitoring

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (ACL Action access configuration modules) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28.

AI-Powered Analysis

AI analysis last updated: 10/14/2025, 15:57:28 UTC

Technical Analysis

CVE-2025-8429 is a stored cross-site scripting (XSS) vulnerability, classified under CWE-79, in the ACL Action access configuration modules of Centreon Infra Monitoring. Input entered into these modules is not neutralized before it is written into generated web pages, so a user who already holds elevated privileges can store a script payload that later executes in the browser of any other user who views the affected page. Affected versions are 23.10.0 up to but not including 23.10.28, 24.04.0 up to but not including 24.04.18, and 24.10.0 up to but not including 24.10.13; the first fixed release in each branch is therefore 23.10.28, 24.04.18 and 24.10.13. The attack vector is network-based. The CVSS v3.1 base score of 6.8 (Medium) reflects low attack complexity and no user interaction beyond a victim loading the page, offset by the high privileges the attacker needs in order to reach the configuration modules. The assessed impact is to confidentiality: a script running in a victim's session can read whatever that session can see, such as page content, anti-CSRF tokens and any cookie not marked HttpOnly, and can issue requests to the Centreon API or UI as the victim. Integrity and availability are not scored as directly affected. No public exploit had been reported at the time of analysis. The practical risk is highest where privileged Centreon accounts are shared, weakly protected or already compromised, because the payload targets the other administrators who view the poisoned ACL configuration. Fixed versions are given in the description above; the source data did not include direct links to Centreon's advisory or release notes, so affected organizations should confirm the fix against the vendor's release notes for their branch and upgrade.

Potential Impact

For European organizations the primary exposure is to the confidentiality of monitored-infrastructure data and of administrative sessions. Centreon Infra Monitoring is widely deployed for critical-infrastructure and enterprise IT monitoring, so a script executing in an administrator's session could harvest session material or act on that administrator's behalf, leading to further compromise of privileged accounts or to disclosure of network topology, host and service status, and other operational detail an attacker can use for planning. Because elevated privileges are required to plant the payload, the attack surface is limited to trusted users and to administrative accounts an attacker has already compromised; the realistic scenarios are an insider, or an attacker who holds one privileged account and uses it to reach other administrators' sessions, escalate access and maintain persistence. Monitoring availability is not directly affected, but hijacked sessions or stolen credentials can degrade incident-response capability in a way operators may not notice immediately. Sectors such as energy, finance and telecommunications that depend heavily on infrastructure monitoring carry the most risk, and regulatory frameworks such as GDPR, which require operational data to be kept confidential, add legal and reputational cost to a successful exploitation.

Mitigation Recommendations

Organizations should verify the Centreon Infra Monitoring version in use and upgrade to 23.10.28, 24.04.18 or 24.10.13 (or later in the respective branch), which contain the fix. Until the upgrade is applied, restrict access to the ACL Action access configuration modules to the smallest possible set of trusted administrators, enforce strong authentication on those accounts, and keep sessions short-lived. Review the existing ACL action definitions for HTML or script fragments: a payload planted before the upgrade stays in the database, and while the fixed release should stop it from rendering as code, it should still be removed and treated as evidence that a privileged account was misused. A web application firewall with rules for common XSS patterns can raise the bar against opportunistic payloads on the affected forms, but treat it as a secondary control, since stored XSS in an authenticated administrative module is easy to obfuscate past signature matching. Audit user privileges regularly so that no account holds elevated access it does not need, and monitor logs for unexpected changes to ACL configuration. Brief administrators on the risk of stored XSS in administrative portals; note that browser script-blocking extensions are of limited value here, because the injected script is served from the trusted Centreon origin that the console itself needs to run. Segment the monitoring infrastructure from general user networks to limit lateral movement, and keep an incident response plan that covers XSS in administrative portals, including invalidating sessions and rotating credentials for any administrator who may have viewed a poisoned page.
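The two checks above (is my version in an affected range, and do my stored ACL action entries already contain markup) are easy to script, and the CWE-79 fix pattern is worth seeing next to the bug. The block below is an added example written for this page; it is not Centreon's code or part of the vendor advisory. The affected ranges come from the CVE description. The field names acl_action_name and acl_action_description are an assumption about Centreon's ACL action storage, so map them to whatever your own export uses, and the sample rows are constructed, not real data.

```python
"""Two practitioner checks for CVE-2025-8429: version triage and a scan of
stored ACL action fields for markup, plus the CWE-79 bug/fix pattern."""
import html
import re

# Affected ranges taken from the CVE description: [first affected, first fixed).
AFFECTED_RANGES = [
    ((23, 10, 0), (23, 10, 28)),
    ((24, 4, 0), (24, 4, 18)),
    ((24, 10, 0), (24, 10, 13)),
]


def parse_version(version: str) -> tuple[int, int, int]:
    """Turn '24.04.17' into (24, 4, 17); rejects anything that is not x.y.z."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\s*", version)
    if not m:
        raise ValueError(f"unrecognised Centreon version string: {version!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(version: str) -> bool:
    """True when the version falls inside one of the affected ranges."""
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


# Deliberately broad: tags, javascript: URLs, inline event handlers, and
# numeric character references that could hide any of the above.
MARKUP_RE = re.compile(
    r"<\s*/?\s*[a-z!?]"        # opening/closing tag, <!-- or <?
    r"|javascript\s*:"         # javascript: pseudo-URL
    r"|\bon[a-z]+\s*="         # onerror=, onload=, ...
    r"|&#x?[0-9a-f]+;",        # numeric character reference
    re.IGNORECASE,
)

# Assumed column names for Centreon's ACL action records; adjust to your export.
SCANNED_FIELDS = ("acl_action_name", "acl_action_description")


def find_suspicious_acl_actions(rows):
    """Return (id, field, value) for every scanned field containing markup-like text."""
    findings = []
    for row in rows:
        for field in SCANNED_FIELDS:
            value = row.get(field) or ""
            if MARKUP_RE.search(value):
                findings.append((row["acl_action_id"], field, value))
    return findings


def render_cell_unsafe(value: str) -> str:
    """The CWE-79 pattern: a stored value interpolated into HTML unchanged."""
    return f"<td>{value}</td>"


def render_cell_safe(value: str) -> str:
    """The fix: encode for the HTML text context before emitting."""
    return f"<td>{html.escape(value, quote=True)}</td>"


# Constructed sample rows (not real Centreon data). Row 1 is benign; rows 2
# and 3 carry generic stored-XSS payloads of the kind the scanner should flag.
SAMPLE_ACL_ACTIONS = [
    {"acl_action_id": 1, "acl_action_name": "Operators",
     "acl_action_description": "Acknowledge and downtime only"},
    {"acl_action_id": 2, "acl_action_name": "Ops <img src=x onerror=alert(1)>",
     "acl_action_description": "looks normal"},
    {"acl_action_id": 3, "acl_action_name": "Admins",
     "acl_action_description": "<script src=//example.invalid/x.js></script>"},
]


if __name__ == "__main__":
    for ver in ("23.10.27", "24.04.18", "24.10.12", "25.04.1"):
        print(f"{ver}: {'AFFECTED' if is_affected(ver) else 'not affected'}")
    for action_id, field, value in find_suspicious_acl_actions(SAMPLE_ACL_ACTIONS):
        print(f"acl_action {action_id}: {field} = {value!r}")
    print(render_cell_unsafe(SAMPLE_ACL_ACTIONS[1]["acl_action_name"]))
    print(render_cell_safe(SAMPLE_ACL_ACTIONS[1]["acl_action_name"]))
```

Run the scanner over a CSV or SQL export of your ACL action records rather than pasting values by hand, and expect some false positives on legitimate descriptions that contain angle brackets; the point is to produce a short list to review, not a verdict. The render_cell_safe function shows the fix shape only for an HTML text context; values emitted into attributes, JavaScript or URLs need the encoding appropriate to that context.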


Technical Details

Data Version
5.1
Assigner Short Name
Centreon
Date Reserved
2025-07-31T18:24:05.148Z
CVSS Version
3.1
State
PUBLISHED

Threat ID: 68ee702c75ce224a0426b924

Added to database: 10/14/2025, 3:45:48 PM

Last enriched: 10/14/2025, 3:57:28 PM

Last updated: 10/14/2025, 7:46:46 PM

