CVE-2025-54892

6.8 MEDIUM

📋 TL;DR

This stored XSS vulnerability in Centreon Infra Monitoring allows authenticated users with elevated privileges to inject malicious scripts into SNMP traps group configuration modules. When other users view these configurations, the scripts execute in their browsers, potentially compromising their sessions. Affected versions include 24.10.0-24.10.12, 24.04.0-24.04.17, and 23.10.0-23.10.27.

💻 Affected Systems

Products:
  • Centreon Infra Monitoring
Versions: 24.10.0 to 24.10.12, 24.04.0 to 24.04.17, 23.10.0 to 23.10.27
Operating Systems: Any OS running Centreon
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects SNMP traps group configuration modules. Requires authenticated user with elevated privileges.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

A privileged attacker plants a payload that runs in another administrator's browser, hijacks that session to act as the administrator inside Centreon (changing configuration and credentials), and uses the monitoring server's reach into the network to pivot to other systems.

🟠

Likely Case

Attacker with elevated privileges steals session cookies or credentials of other administrators, leading to unauthorized access.

🟢

If Mitigated

With proper input validation and, above all, output encoding (HTML-escaping the stored field when it is rendered), an injected payload is displayed as inert text instead of being executed.

🌐 Internet-Facing: MEDIUM - If Centreon web interface is internet-accessible, attackers could exploit this after gaining initial access through other means.
🏢 Internal Only: HIGH - Internal privileged users can exploit this to escalate privileges or compromise other administrator accounts.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authenticated access with elevated privileges. Exploitation involves injecting scripts into configuration fields that persist and execute when viewed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 24.10.13, 24.04.18, 23.10.28

Vendor Advisory: https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-54892-centreon-web-all-versions-medium-severity-5121

Restart Required: No

Instructions:

1. Back up your Centreon configuration and database.
2. Update to the patched version using the official Centreon update procedures.
3. Verify the update completed successfully.
4. Test SNMP traps group configuration functionality.

🔧 Temporary Workarounds

Input Validation Enhancement

Applies to: all affected versions

Implement additional input validation for SNMP traps group configuration fields (e.g. reject names and descriptions containing `<`, `>` or quotes). Treat this as a stop-gap only: blocklisting `<script>` is easily bypassed with event handlers or encoded payloads, and the real fix is output encoding when the field is rendered, which the patch provides.

Privilege Reduction

Applies to: all affected versions

Temporarily restrict access to SNMP traps group configuration to only essential administrators.

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block XSS payloads in SNMP configuration requests; make sure the rules inspect URL-decoded and HTML-entity-decoded values, since the payload sits in a form field and is trivially encoded.
  • Enable Content Security Policy (CSP) headers to restrict script execution sources. Roll it out with Content-Security-Policy-Report-Only first: a policy strict enough to block injected inline scripts and event handlers can also break legitimate parts of the Centreon UI.

🔍 How to Verify

Check if Vulnerable:

Check the Centreon version via the web interface (Admin > About) or on the command line: `rpm -qa | grep centreon-web` on RHEL-based hosts, or `dpkg -l 'centreon-web*'` on Debian-based hosts.

Check Version:

rpm -qa | grep centreon-web | grep -E '24\.10\.|24\.04\.|23\.10\.'

This only tells you that the installed package is on an affected branch; compare the patch level against the fixed versions (24.10.13, 24.04.18, 23.10.28) to decide whether the host is still vulnerable.

Verify Fix Applied:

Verify the version is 24.10.13, 24.04.18, or 23.10.28 or higher. Then test the SNMP traps group configuration for proper output encoding: save a group whose name contains a harmless HTML tag and confirm it is rendered as literal text when the configuration is viewed.
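As an added example (not a Centreon tool), the following script classifies `rpm -qa` output against the fixed versions listed above. It assumes the package naming `centreon-web-<major>.<minor>.<patch>-<release>.<dist>.noarch`; the sample lines are constructed, not captured from a real host.

```python
"""Classify installed centreon-web packages against the CVE-2025-54892 fix levels.

Added example, not Centreon tooling. Assumes `rpm -qa` names packages as
centreon-web-<major>.<minor>.<patch>-<release>.<dist>.noarch.
"""
import re
from typing import Optional

# First patched release on each affected branch, per the advisory.
FIXED = {
    (24, 10): (24, 10, 13),
    (24, 4): (24, 4, 18),
    (23, 10): (23, 10, 28),
}

# Matches lines such as: centreon-web-24.10.12-1.el9.noarch
PKG_RE = re.compile(r"^centreon-web-(\d+)\.(\d+)\.(\d+)-")


def parse_version(pkg_line: str) -> Optional[tuple]:
    """Return (major, minor, patch) for a centreon-web package line, else None."""
    m = PKG_RE.match(pkg_line.strip())
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def classify(version: tuple) -> str:
    """'vulnerable', 'fixed', or 'not-in-affected-branches' for a parsed version."""
    fixed = FIXED.get(version[:2])
    if fixed is None:
        # Branch is not one of the three the advisory lists as affected.
        return "not-in-affected-branches"
    return "fixed" if version >= fixed else "vulnerable"


def audit(rpm_output: str) -> dict:
    """Map each centreon-web package line in rpm -qa output to its status."""
    results = {}
    for line in rpm_output.splitlines():
        version = parse_version(line)
        if version is not None:
            results[line.strip()] = classify(version)
    return results


# Constructed sample output; replace with `subprocess.run(["rpm", "-qa"], ...)` on a host.
SAMPLE_RPM_QA = """\
centreon-web-24.10.12-1.el9.noarch
centreon-web-24.04.18-1.el9.noarch
centreon-web-23.10.27-2.el8.noarch
centreon-broker-24.10.1-1.el9.x86_64
"""

if __name__ == "__main__":
    for pkg, status in audit(SAMPLE_RPM_QA).items():
        print(f"{status:12} {pkg}")
```

The tuple comparison handles the patch level properly (24.10.12 is vulnerable, 24.10.13 and later are fixed), which the branch-only grep above cannot do.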

📡 Detection & Monitoring

Log Indicators:

  • Unusual SNMP traps configuration modifications
  • Script tags, `javascript:` URLs or event-handler attributes (`onerror=`, `onload=`) in SNMP traps group names or descriptions; because the payload is stored, also review the currently saved values, not just the change logs

Network Indicators:

  • HTTP POST requests to SNMP configuration endpoints with script payloads

SIEM Query:

source="centreon" AND ("SNMP traps" OR "configuration") AND ("<script" OR "%3Cscript" OR "&lt;script" OR "javascript:" OR "onerror=" OR "onload=")

Match on decoded request data where your SIEM supports it; the encoded variants above catch the common single-encoding case only.
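As an added example (not Centreon's own detection logic), this script applies the indicators above to web server access log lines: it selects configuration writes to SNMP-trap related paths, undoes up to two rounds of URL-encoding plus HTML entities, and then matches XSS patterns. The `ENDPOINT_HINTS` substrings and the `p=snmp_traps_group` route in the sample are placeholders to adapt to your deployment, and the log lines are constructed. Note that access logs carry only the query string; to inspect POST bodies, feed the same `normalize`/pattern logic with request bodies captured by a WAF audit log or reverse proxy.

```python
"""Flag XSS payload indicators in requests to Centreon SNMP-trap configuration
pages. Added example, not Centreon code. Assumes combined access log format.
"""
import html
import re
from urllib.parse import unquote

# Assumption: substrings identifying the SNMP trap group pages; tune per deployment.
ENDPOINT_HINTS = ("traps", "snmp")

# Applied to the decoded request path, case-insensitive.
XSS_PATTERNS = [
    re.compile(r"<\s*script\b", re.I),
    re.compile(r"javascript\s*:", re.I),
    re.compile(r"\bon(error|load|mouseover|focus|click)\s*=", re.I),
    re.compile(r"<\s*(img|svg|iframe)\b[^>]*\bon\w+\s*=", re.I),
]

# Combined log format: ip ident user [ts] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)


def normalize(s: str) -> str:
    """Undo up to two rounds of URL-encoding, then HTML entities, so that
    %253Cscript%253E and &lt;script&gt; both become <script>."""
    prev = None
    for _ in range(2):
        if s == prev:
            break
        prev, s = s, unquote(s)
    return html.unescape(s)


def is_config_write(method: str, path: str) -> bool:
    """Only configuration writes to the SNMP trap pages are of interest."""
    return method in ("POST", "PUT") and any(h in path.lower() for h in ENDPOINT_HINTS)


def scan_line(line: str):
    """Return a finding dict for a suspicious line, else None."""
    m = LOG_RE.match(line)
    if not m or not is_config_write(m["method"], m["path"]):
        return None
    decoded = normalize(m["path"])
    hits = [p.pattern for p in XSS_PATTERNS if p.search(decoded)]
    if not hits:
        return None
    return {"ip": m["ip"], "path": m["path"], "decoded": decoded, "patterns": hits}


def scan(log_text: str) -> list:
    return [f for f in (scan_line(l) for l in log_text.splitlines()) if f]


# Constructed sample log; p=snmp_traps_group is a placeholder route, not a real page id.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Sep/2025:10:01:02 +0000] "POST /centreon/main.php?p=snmp_traps_group&o=a&name=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 512
10.0.0.6 - - [12/Sep/2025:10:02:10 +0000] "POST /centreon/main.php?p=snmp_traps_group&o=a&name=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 498
10.0.0.7 - - [12/Sep/2025:10:03:00 +0000] "POST /centreon/main.php?p=snmp_traps_group&o=a&name=core-routers HTTP/1.1" 200 490
10.0.0.8 - - [12/Sep/2025:10:04:00 +0000] "GET /centreon/main.php?p=snmp_traps_group HTTP/1.1" 200 2300
10.0.0.9 - - [12/Sep/2025:10:05:00 +0000] "POST /centreon/api/latest/hosts?name=%3Cscript%3E HTTP/1.1" 200 100
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["ip"], f["decoded"], f["patterns"])
```

The second sample line is double-encoded and would slip past a single-decoding WAF rule or the plain SIEM string match; the two-pass `normalize` is what catches it.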

🔗 References