Cross-site Scripting Vulnerability in Centreon Infra Monitoring
CVE-2025-54893

6.8MEDIUM

Key Information:

Vendor

Centreon

Status
Infra Monitoring
Vendor
CVE Published:
14 October 2025

What is CVE-2025-54893?

A cross-site scripting (XSS) vulnerability exists in Centreon Infra Monitoring's hosts templates configuration module, allowing users with elevated privileges to inject malicious scripts. This vulnerability can lead to stored XSS attacks, impacting the integrity and confidentiality of user data, as well as the overall security of the application. Affected versions include those prior to 24.10.13, 24.04.18, and 23.10.28, and it is crucial for administrators to update to patched versions to mitigate these risks.

Affected Version(s)

Infra Monitoring 24.10.0 < 24.10.13

Infra Monitoring 24.04.0 < 24.04.18

Infra Monitoring 23.10.0 < 23.10.28

References

https://github.com/centreon/centreon/releases

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Marcelo Queiroz
JSON
.
CVE-2025-54893 : Cross-site Scripting Vulnerability in Centreon Infra Monitoring