Cross-site Scripting Vulnerability in Centreon Infra Monitoring by Centreon
CVE-2025-8430

6.8MEDIUM

Key Information:

Vendor

Centreon

Status
Infra Monitoring
Vendor
CVE Published:
14 October 2025

What is CVE-2025-8430?

A Cross-site Scripting (XSS) vulnerability exists in the Commands Connectors configuration modules of Centreon Infra Monitoring. This weakness allows users with elevated privileges to exploit improper input neutralization during web page generation, potentially leading to stored XSS attacks. Affected versions span from 24.10.0 up until 24.10.12, 24.04.0 prior to 24.04.17, and 23.10.0 until 23.10.27. Users are encouraged to update to the latest versions to mitigate this risk.

Affected Version(s)

Infra Monitoring 24.10.0 < 24.10.13

Infra Monitoring 24.04.0 < 24.04.18

Infra Monitoring 23.10.0 < 23.10.28

References

https://github.com/centreon/centreon/releases
release-notes

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Marcelo Queiroz
JSON
.
CVE-2025-8430 : Cross-site Scripting Vulnerability in Centreon Infra Monitoring by Centreon