CVE-2025-8460 identifies a stored Cross-site Scripting (XSS) vulnerability classified under CWE-79 in Centreon Infra Monitoring, a widely used IT infrastructure monitoring solution. The vulnerability exists due to improper neutralization of user-supplied input during web page generation within the Notification rules and Open tickets modules. Specifically, users with elevated privileges can inject malicious JavaScript code that is stored persistently and executed in the browsers of other users who access the affected pages. This flaw affects multiple versions: 23.10.0 before 23.10.4, 24.04.0 before 24.04.5, and 24.10.0 before 24.10.5. The CVSS 3.1 base score is 6.8, reflecting a medium severity with the vector AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N, indicating network attack vector, low attack complexity, high privileges required, no user interaction, scope changed, high confidentiality impact, no integrity or availability impact. The vulnerability allows attackers to compromise confidentiality by stealing session tokens or executing unauthorized actions under the victim’s context. Although no known exploits are reported in the wild, the vulnerability poses a significant risk in environments where Centreon is deployed for critical monitoring. The issue underscores the importance of secure coding practices such as proper input validation and output encoding to prevent XSS. Centreon has released patches in versions 23.10.4, 24.04.5, and 24.10.5 to remediate this vulnerability.

For European organizations, the impact of CVE-2025-8460 can be substantial, especially those relying on Centreon Infra Monitoring for managing critical IT infrastructure and services. Successful exploitation could lead to the theft of sensitive session cookies or authentication tokens, enabling attackers to impersonate privileged users and access confidential monitoring data or manipulate alerting mechanisms. This could result in unauthorized disclosure of sensitive operational information, undermining the integrity of incident response and potentially delaying detection of other attacks. While the vulnerability does not directly affect system availability or integrity, the confidentiality breach can facilitate further attacks or lateral movement within networks. Given the widespread adoption of Centreon in sectors such as finance, telecommunications, and government across Europe, the risk extends to critical national infrastructure and enterprise environments. The requirement for elevated privileges limits exploitation to insiders or compromised accounts, but the potential damage from such an attack remains significant.

1. Immediate upgrade to the fixed versions: 23.10.4, 24.04.5, or 24.10.5 as applicable to the deployed version of Centreon Infra Monitoring. 2. Implement strict input validation and output encoding on all user-supplied data, especially in the Notification rules and Open tickets modules, to prevent injection of malicious scripts. 3. Enforce the principle of least privilege to limit the number of users with elevated access rights capable of exploiting this vulnerability. 4. Monitor logs and alerts for unusual activities related to web interface usage, particularly from privileged accounts. 5. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in the web application context. 6. Conduct regular security assessments and penetration testing focused on web application vulnerabilities in Centreon deployments. 7. Educate administrators and users with elevated privileges about the risks of XSS and safe handling of input fields. 8. Consider network segmentation and multi-factor authentication to reduce the risk of privilege escalation and lateral movement.