Cross-Site Scripting Vulnerability in Centreon Infra Monitoring
CVE-2025-8459

7.7 HIGH

Key Information:

Vendor: Centreon

CVE Published: 14 October 2025

What is CVE-2025-8459?

A Cross-Site Scripting (XSS) vulnerability in Centreon Infra Monitoring allows an attacker to store malicious scripts in the monitoring system. It primarily affects the recurrent downtime scheduler modules. Affected releases are Infra Monitoring 24.10.0 up to 24.10.12, 24.04.0 up to 24.04.17, and 23.10.0 up to 23.10.27. Exploitation can lead to significant security risks, including unauthorized access and data breaches, so users should apply the necessary patches and upgrades to protect their infrastructure.

Affected Version(s)

Infra Monitoring 24.10.0 < 24.10.13

Infra Monitoring 24.04.0 < 24.04.18

Infra Monitoring 23.10.0 < 23.10.28

CVSS V3.1

Score: 7.7
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Marcelo Queiroz