
CVE-2025-8460: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Centreon Infra Monitoring

Severity: Medium
Tags: Vulnerability, CVE-2025-8460, CWE-79
Published: Mon Dec 22 2025 (12/22/2025, 10:55:58 UTC)
Source: CVE Database V5
Vendor/Project: Centreon
Product: Infra Monitoring

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Notification rules, Open tickets module) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.5, from 23.10.0 before 23.10.4.

AI-Powered Analysis

AI analysis last updated: 01/05/2026, 11:15:55 UTC

Technical Analysis

CVE-2025-8460 is a stored Cross-site Scripting (XSS) vulnerability categorized under CWE-79, affecting Centreon Infra Monitoring versions 23.10.0 before 23.10.4, 24.04.0 before 24.04.5, and 24.10.0 before 24.10.5. The vulnerability exists due to improper neutralization of user-supplied input during web page generation within the Notification rules and Open tickets modules. This flaw allows users with elevated privileges to inject persistent malicious scripts into the web interface, which are then executed in the context of other users viewing the affected pages. The CVSS 3.1 vector indicates the attack can be performed remotely over the network (AV:N) with low attack complexity (AC:L), but requires high privileges (PR:H) and no user interaction (UI:N). The scope is changed (S:C), meaning the vulnerability affects resources beyond the initially vulnerable component. The impact is high on confidentiality (C:H), with no impact on integrity or availability. Exploiting this vulnerability could allow attackers to steal session tokens, credentials, or other sensitive information, potentially leading to further compromise of the monitoring infrastructure. Although no known exploits are reported in the wild, the presence of stored XSS in a critical monitoring tool used for infrastructure oversight poses a significant risk. Centreon Infra Monitoring is widely used in enterprise and critical infrastructure environments for monitoring IT systems, making this vulnerability particularly relevant for organizations relying on this product for operational awareness.

Potential Impact

For European organizations, the impact of CVE-2025-8460 can be significant, especially those in sectors relying heavily on Centreon Infra Monitoring for critical infrastructure and IT operations management. Successful exploitation could lead to unauthorized disclosure of sensitive monitoring data, session hijacking, and potential lateral movement within the network. This could undermine the integrity of monitoring data and delay detection of other security incidents. Confidentiality breaches could expose internal system configurations, alerting mechanisms, and operational statuses, which adversaries could leverage for targeted attacks. Given the elevated privileges required, insider threats or compromised privileged accounts pose the greatest risk. The vulnerability could also facilitate supply chain attacks if attackers gain persistent access to monitoring dashboards. The absence of known exploits in the wild suggests the window for proactive mitigation remains open, but the medium severity rating and critical role of the product in infrastructure monitoring necessitate urgent remediation to prevent escalation.

Mitigation Recommendations

1. Apply official patches from Centreon as soon as they are released for versions 23.10.x, 24.04.x, and 24.10.x to remediate the vulnerability.
2. Until patches are available, restrict elevated privileges strictly to trusted personnel and enforce the principle of least privilege, so that as few accounts as possible hold the high-level access the attack requires.
3. Deploy a Web Application Firewall (WAF) with robust XSS detection and filtering rules to block malicious payloads aimed at the vulnerable modules.
4. Audit accounts with elevated privileges regularly and monitor for unusual activity within the Notification rules and Open tickets modules.
5. Set Content Security Policy (CSP) headers to limit the execution of unauthorized scripts within the Centreon web interface.
6. Educate administrators and users with elevated privileges about the risks of stored XSS and safe input handling practices.
7. Monitor Centreon Infra Monitoring logs for any suspicious input or access patterns indicative of attempted exploitation.
8. Consider isolating the monitoring interface within a segmented network zone to reduce exposure to external threats.
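Three of the steps above (the root-cause fix the patch has to make, the CSP header in step 5, and the audit of privileged-user input in steps 4 and 7) are concrete enough to show in code. The block below is an added example in Python and is not Centreon code: the record layout, field names, sample values and the `render_rule_row_*` helpers are constructed for illustration. It contrasts the CWE-79 rendering pattern with its output-encoded form, builds a nonce-based CSP value, and scans an export of admin-editable fields for stored markup.

```python
"""Defender-side illustration for a CWE-79 stored XSS such as CVE-2025-8460.

Added example, not part of the advisory or of Centreon. Field names,
records and helper names are constructed for illustration.
"""
import html
import re

# --- 1. Output encoding: the root-cause fix for CWE-79 -------------------

def render_rule_row_vulnerable(rule_name: str) -> str:
    """Interpolates user-controlled text straight into HTML (the CWE-79 pattern).

    A privileged user who can name a notification rule controls what every
    viewer's browser parses as markup.
    """
    return f"<tr><td>{rule_name}</td></tr>"


def render_rule_row_hardened(rule_name: str) -> str:
    """Escapes <, >, &, \" and ' at the point where the value reaches the page."""
    return f"<tr><td>{html.escape(rule_name, quote=True)}</td></tr>"


# --- 2. A restrictive CSP header value (mitigation step 5) ---------------

def build_csp(nonce: str) -> str:
    """Return a Content-Security-Policy value allowing only same-origin
    scripts that carry the per-response nonce; inline injected scripts
    and event handlers are refused by the browser."""
    return "; ".join([
        "default-src 'self'",
        f"script-src 'self' 'nonce-{nonce}'",
        "object-src 'none'",
        "base-uri 'self'",
        "frame-ancestors 'self'",
    ])


# --- 3. Audit of stored, admin-editable fields (steps 4 and 7) -----------

# Markup that has no business in a rule name or ticket subject:
# an HTML tag opener, an inline event-handler attribute, a javascript:
# URL, or a numeric character reference used to smuggle one of those.
MARKUP_PATTERN = re.compile(
    r"<\s*/?\s*[a-z]|\bon[a-z]+\s*=|javascript\s*:|&#x?[0-9a-f]+;",
    re.IGNORECASE,
)


def find_suspicious_fields(records):
    """Return (record_id, field, value) for every stored string containing markup.

    `records` is a list of dicts in the shape of a database export of
    notification rules or open tickets; these fields are writable only
    by elevated users, so a hit points at a privileged account to review.
    """
    hits = []
    for rec in records:
        for field, value in rec.items():
            if field == "id" or not isinstance(value, str):
                continue
            if MARKUP_PATTERN.search(value):
                hits.append((rec["id"], field, value))
    return hits


# Constructed sample export (not real Centreon data).
SAMPLE_RECORDS = [
    {"id": 1, "module": "notification_rules", "name": "Disk usage > 90%"},
    {"id": 2, "module": "notification_rules", "name": "<b onmouseover=x>Disk</b>"},
    {"id": 3, "module": "open_tickets", "subject": "DB failover", "body": "Free space < 5%"},
    {"id": 4, "module": "open_tickets", "subject": "Ticket", "body": "<script>/* injected */</script>"},
]

if __name__ == "__main__":
    print(render_rule_row_vulnerable(SAMPLE_RECORDS[1]["name"]))
    print(render_rule_row_hardened(SAMPLE_RECORDS[1]["name"]))
    print(build_csp("constructed-nonce"))
    for rec_id, field, value in find_suspicious_fields(SAMPLE_RECORDS):
        print(f"record {rec_id}: field {field!r} contains markup: {value!r}")
```

The audit deliberately keys on tag openers and event-handler attributes rather than on bare `<` or `>`, so comparison text such as "Disk usage > 90%" or "Free space < 5%", which is common in monitoring rule names, is not flagged. The escaping helper is the fix that belongs in the application; the CSP and the audit are compensating controls that reduce exposure while the patch is rolled out and give a defender a list of privileged accounts whose input deserves a look.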


Technical Details

Data Version
5.2
Assigner Short Name
Centreon
Date Reserved
2025-08-01T13:57:56.199Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 694926ef9679ab05af621758

Added to database: 12/22/2025, 11:09:35 AM

Last enriched: 1/5/2026, 11:15:55 AM

Last updated: 2/7/2026, 5:34:29 AM

