CVE-2025-8459: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Centreon Infra Monitoring
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Monitoring recurrent downtime scheduler modules) allows Stored XSS. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28.
AI Analysis
Technical Summary
CVE-2025-8459 is a Stored Cross-Site Scripting (XSS) vulnerability classified under CWE-79, affecting Centreon Infra Monitoring's recurrent downtime scheduler modules. The flaw exists due to improper neutralization of user-supplied input during web page generation, allowing malicious scripts to be stored and later executed in the context of authenticated users' browsers. This vulnerability affects multiple versions of Centreon Infra Monitoring: from 23.10.0 before 23.10.28, 24.04.0 before 24.04.18, and 24.10.0 before 24.10.13. An attacker with low privileges (PR:L) can exploit this remotely (AV:N) without user interaction (UI:N), as indicated by the CVSS vector. The scope is changed (S:C), meaning the vulnerability can affect resources beyond the initially vulnerable component. The impact on confidentiality is high (C:H), as attackers can steal session cookies or sensitive information, but there is no direct impact on integrity or availability. No public exploits have been reported yet, but the vulnerability's nature and ease of exploitation make it a significant risk. Centreon Infra Monitoring is widely used in IT infrastructure monitoring, making this vulnerability critical for organizations relying on it for operational continuity. The vulnerability was reserved in August 2025 and published in October 2025, with no patches linked yet, indicating a need for vigilance and prompt remediation once available.
Potential Impact
For European organizations, the impact of CVE-2025-8459 is substantial due to Centreon Infra Monitoring's role in overseeing critical IT infrastructure and services. Exploitation could lead to unauthorized disclosure of sensitive monitoring data, session hijacking, and potential lateral movement within the network if attackers leverage stolen credentials or tokens. This could undermine trust in monitoring data, delay incident response, and expose organizations to further attacks. Confidentiality breaches could affect compliance with GDPR and other data protection regulations, leading to legal and financial repercussions. The lack of impact on integrity and availability reduces the risk of direct service disruption, but the indirect effects on operational security and incident management are significant. Organizations in sectors such as finance, healthcare, energy, and government, which heavily depend on reliable monitoring, face elevated risks. The vulnerability's ease of exploitation without user interaction increases the urgency for mitigation in environments where Centreon is deployed.
Mitigation Recommendations
1. Apply official patches from Centreon immediately once released to address the XSS vulnerability.
2. Until patches are available, implement strict input validation and output encoding on all user-supplied data within the recurrent downtime scheduler modules to prevent script injection.
3. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in the monitoring web interface.
4. Conduct regular security audits and penetration testing focused on web application vulnerabilities in Centreon deployments.
5. Monitor logs and network traffic for unusual activities that may indicate exploitation attempts, such as unexpected script execution or anomalous user sessions.
6. Restrict access to the Centreon Infra Monitoring interface using network segmentation and strong authentication mechanisms to limit exposure.
7. Educate administrators and users about the risks of XSS and encourage vigilance when interacting with monitoring dashboards.
8. Consider deploying Web Application Firewalls (WAF) with rules tailored to detect and block XSS payloads targeting Centreon.
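Recommendations 2 and 3 above (output encoding and a CSP header) are the two controls that neutralize a stored payload at render time. The following is an added illustration written for this page, not Centreon's code: it renders constructed downtime records (with a deliberately hostile comment field) through a context-aware encoder and builds a nonce-based CSP value. The record layout, field names and the rendered table shape are assumptions for the demo; Centreon's actual templates and policy will differ.

```python
"""Defensive output encoding and CSP for a stored free-text field.

Added example for this page; not Centreon code. The records below are
constructed, as a recurrent-downtime scheduler might persist them, and the
second one carries markup in its comment field to show it being neutralized.
"""
import html
import secrets
from typing import Dict, Iterable

SAMPLE_DOWNTIMES = [
    {"name": "weekly-backup", "comment": "Backup window, hosts in group A"},
    {"name": "patch-night", "comment": "<script>alert(1)</script> Patching"},
]


def encode_for_html(value: str) -> str:
    """Escape text destined for an HTML body or a double-quoted attribute.

    html.escape with quote=True turns & < > " ' into entities, so the same
    output is safe in both contexts used by render_downtime_row().
    """
    return html.escape(str(value), quote=True)


def render_downtime_row(record: Dict[str, str]) -> str:
    """Build one table row; every user-controlled field is encoded on output."""
    name = encode_for_html(record["name"])
    comment = encode_for_html(record["comment"])
    return f'<tr data-name="{name}"><td>{name}</td><td>{comment}</td></tr>'


def render_table(records: Iterable[Dict[str, str]]) -> str:
    """Render the whole list as a table fragment."""
    rows = "".join(render_downtime_row(r) for r in records)
    return f"<table>{rows}</table>"


def new_nonce() -> str:
    """Per-response nonce; must be unpredictable and never reused."""
    return secrets.token_urlsafe(16)


def csp_header(nonce: str) -> str:
    """Content-Security-Policy value allowing only same-origin and nonced scripts.

    Assumption: the UI's inline scripts carry nonce="..." attributes. Widen the
    source lists only to what the interface actually loads.
    """
    return (
        "default-src 'self'; "
        f"script-src 'self' 'nonce-{nonce}'; "
        "object-src 'none'; base-uri 'self'; frame-ancestors 'self'"
    )


def contains_live_script_tag(markup: str) -> bool:
    """True if the rendered fragment still contains an unescaped <script tag."""
    return "<script" in markup.lower()


if __name__ == "__main__":
    page = render_table(SAMPLE_DOWNTIMES)
    print("Content-Security-Policy:", csp_header(new_nonce()))
    print(page)
    print("live script tag present:", contains_live_script_tag(page))
```

The encoder runs on the way out, not on the way in, so a value that was stored before the fix is still rendered inert; the CSP is defence in depth for any sink the encoder misses, since an injected inline script without the per-response nonce will not execute.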
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Centreon
- Date Reserved: 2025-08-01T13:53:19.714Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68ee8e6cf2e93b27b022870f
Added to database: 10/14/2025, 5:54:52 PM
Last enriched: 10/14/2025, 5:55:35 PM
Last updated: 10/16/2025, 11:34:22 AM
Views: 12
Related Threats
- CVE-2025-58426: Use of hard-coded cryptographic key in NEOJAPAN Inc. desknet's NEO (Medium)
- CVE-2025-58079: Improper Protection of Alternate Path in NEOJAPAN Inc. desknet's NEO (Medium)
- CVE-2025-55072: Cross-site scripting (XSS) in NEOJAPAN Inc. desknet's NEO (Medium)
- CVE-2025-54859: Cross-site scripting (XSS) in NEOJAPAN Inc. desknet's NEO (Medium)
- CVE-2025-54760: Cross-site scripting (XSS) in NEOJAPAN Inc. desknet's NEO (Medium)