CVE-2025-8459: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Centreon Infra Monitoring
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Monitoring recurrent downtime scheduler modules) allows Stored XSS. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28.
AI Analysis
Technical Summary
CVE-2025-8459 is a stored Cross-site Scripting (XSS) vulnerability classified under CWE-79 that affects Centreon Infra Monitoring's recurrent downtime scheduler modules. The vulnerability stems from improper neutralization of user-supplied input during web page generation, allowing malicious scripts to be persistently stored and executed in the context of users accessing the affected web interface. Specifically, versions 23.10.0 before 23.10.28, 24.04.0 before 24.04.18, and 24.10.0 before 24.10.13 are impacted. An attacker with low privileges can inject malicious JavaScript code that executes automatically when other users view the compromised pages, without requiring any user interaction. The CVSS v3.1 score of 7.7 indicates a high severity, with an attack vector of network, low attack complexity, requiring privileges but no user interaction, and a scope change affecting confidentiality but not integrity or availability. While no known exploits are currently reported in the wild, the vulnerability poses a significant risk to confidentiality, as attackers can steal session cookies, perform actions on behalf of users, or conduct phishing attacks within the trusted Centreon interface. Centreon Infra Monitoring is widely used for infrastructure monitoring, making this vulnerability particularly concerning for organizations relying on it for operational continuity. The lack of available patches at the time of reporting necessitates immediate attention to mitigate risks.
Potential Impact
The primary impact of CVE-2025-8459 on European organizations lies in the potential compromise of confidentiality within Centreon Infra Monitoring environments. Successful exploitation can lead to session hijacking, unauthorized access to sensitive monitoring data, and execution of malicious actions under the guise of legitimate users. This can undermine trust in monitoring data integrity and potentially facilitate further lateral movement or targeted attacks within critical infrastructure networks. Although the vulnerability does not directly affect system integrity or availability, the confidentiality breach can have cascading effects, including exposure of sensitive operational information and disruption of incident response processes. European organizations in sectors such as energy, telecommunications, finance, and government, which heavily rely on Centreon for infrastructure monitoring, face heightened risks. The vulnerability’s exploitation could also erode compliance with data protection regulations like GDPR if personal or sensitive data is exposed. Given the network-exploitable nature and low complexity, attackers could leverage this vulnerability remotely, increasing the threat surface for European entities.
Mitigation Recommendations
To mitigate CVE-2025-8459, European organizations should immediately upgrade Centreon Infra Monitoring to the patched versions once available (24.10.13, 24.04.18 or 23.10.28, or a later release in the same branch). Until patches are applied, implement strict input validation and sanitization on all user-supplied data fields within the recurrent downtime scheduler modules to prevent malicious script injection. Deploy Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in the Centreon web interface. Limit user privileges to the minimum necessary, especially for accounts with access to scheduling modules, to reduce the attack surface. Conduct thorough code reviews and penetration testing focused on XSS vectors in custom or integrated Centreon plugins. Monitor web server and application logs for unusual input patterns or script injection attempts. Additionally, educate users and administrators about the risks of XSS and encourage vigilance against suspicious activity within the monitoring platform. Network segmentation and web application firewalls (WAF) can provide additional layers of defense by detecting and blocking malicious payloads targeting the vulnerability.
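The following is an added example that illustrates three of the recommendations above; it is not Centreon's code and does not reflect how the recurrent downtime scheduler is actually implemented. It shows the vulnerable rendering pattern behind CWE-79 beside the hardened one (for stored XSS the decisive control is encoding at output time, since the payload is already in the database by the time a page is generated), a nonce-based Content-Security-Policy value that blocks injected inline scripts, and a small log check that flags script-injection markers in request targets. The record fields, the URL paths and the access-log lines are all constructed placeholders.

```python
import html
import re
import secrets
from urllib.parse import unquote_plus

# Constructed sample record: a recurring-downtime entry whose free-text field
# carries a classic XSS probe string. Field names are placeholders, not
# Centreon's real schema.
SAMPLE_DOWNTIME = {
    "name": "weekly-db-maintenance",
    "description": '<script>alert("xss")</script>',
}


def render_row_unsafe(entry):
    """Vulnerable pattern (CWE-79): stored text is interpolated into HTML verbatim."""
    return f'<tr><td>{entry["name"]}</td><td>{entry["description"]}</td></tr>'


def render_row_safe(entry):
    """Hardened pattern: every stored field is HTML-entity-encoded at output time,
    so the browser renders the payload as text instead of executing it."""
    name = html.escape(entry["name"], quote=True)
    description = html.escape(entry["description"], quote=True)
    return f"<tr><td>{name}</td><td>{description}</td></tr>"


def contains_script_tag(rendered):
    """Check used to compare the two renderers: does a raw <script tag survive?"""
    return "<script" in rendered.lower()


def new_nonce():
    """Per-response random nonce for the CSP below (16 random bytes, URL-safe)."""
    return secrets.token_urlsafe(16)


def csp_header(nonce):
    """Content-Security-Policy value that only runs same-origin scripts carrying
    the per-response nonce; an injected inline <script> has no nonce and is blocked."""
    return (
        "default-src 'self'; "
        f"script-src 'self' 'nonce-{nonce}'; "
        "object-src 'none'; base-uri 'self'"
    )


# Constructed access-log lines in combined log format; the paths are placeholders.
SAMPLE_LOG_LINES = [
    '10.0.0.5 - alice [14/Oct/2025:17:54:52 +0000] "GET /app/downtime-scheduler?page=2 HTTP/1.1" 200 812',
    '10.0.0.7 - bob [14/Oct/2025:17:55:03 +0000] "POST /app/downtime-scheduler/save HTTP/1.1" 302 0',
    '10.0.0.9 - mallory [14/Oct/2025:17:55:10 +0000] "GET /app/downtime-scheduler?desc=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 812',
]

# Markers of script-injection attempts, matched against the URL-decoded request target.
INJECTION_PATTERN = re.compile(r"<\s*script|javascript:|\bon\w+\s*=", re.IGNORECASE)
REQUEST_TARGET = re.compile(r'"(?:GET|POST|PUT|PATCH) (\S+) HTTP/')


def flag_injection_attempts(log_lines):
    """Return the log lines whose request target contains a script-injection marker."""
    hits = []
    for line in log_lines:
        match = REQUEST_TARGET.search(line)
        if match and INJECTION_PATTERN.search(unquote_plus(match.group(1))):
            hits.append(line)
    return hits


if __name__ == "__main__":
    print(render_row_unsafe(SAMPLE_DOWNTIME))
    print(render_row_safe(SAMPLE_DOWNTIME))
    print("Content-Security-Policy:", csp_header(new_nonce()))
    for hit in flag_injection_attempts(SAMPLE_LOG_LINES):
        print("suspicious:", hit)
```

Two caveats on the log check: a web server access log records only the request line, so a payload submitted in a POST body (the usual path for a stored field) is invisible to it and needs application-level logging of the saved values instead; and the marker list is deliberately narrow to keep false positives low, so it is a triage aid, not a substitute for the output-encoding fix.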
Affected Countries
France, Germany, United Kingdom, Netherlands, Belgium, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Centreon
- Date Reserved: 2025-08-01T13:53:19.714Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68ee8e6cf2e93b27b022870f
Added to database: 10/14/2025, 5:54:52 PM
Last enriched: 10/22/2025, 1:13:35 AM
Last updated: 12/3/2025, 9:41:38 AM
Views: 54