CVE-2025-8428
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-8428, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-10-14

Last updated on: 2025-10-22

Assigner: Centreon

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (HTTP Loader widget modules) allows Stored XSS.This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-10-14
Last Modified
2025-10-22
Generated
2026-07-06
AI Q&A
2025-10-14
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
centreon centreon_web From 23.10.0 (inc) to 23.10.28 (exc)
centreon centreon_web From 24.04.0 (inc) to 24.04.18 (exc)
centreon centreon_web From 24.10.0 (inc) to 24.10.13 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2025-8428 is a Stored Cross-site Scripting (XSS) vulnerability in Centreon Infra Monitoring's HTTP Loader widget modules. It allows a user with minimal privileges, such as monitoring rights, to inject malicious JavaScript code into a custom view. This injected code can then be used to impersonate an administrator or supervisor by spoofing their session. [1]

Impact Analysis

This vulnerability can lead to session impersonation of administrators or supervisors, allowing attackers to potentially access sensitive information or perform actions with elevated privileges. Although it does not affect data integrity or availability, it has a high impact on confidentiality. [1]

Detection Guidance

Detection of CVE-2025-8428 involves monitoring for attempts to inject JavaScript payloads into custom views by users with monitoring privileges. Network traffic analysis tools or web application scanners can be used to detect suspicious input patterns or payloads targeting the Centreon Web HTTP Loader widget modules. Specific commands are not provided in the available resources. [1]

Mitigation Strategies

Immediate mitigation steps include updating Centreon Web to the fixed versions 24.10.13, 24.04.18, or 23.10.28, which contain cumulative patches addressing this vulnerability. Users with monitoring privileges should be cautious about inputting data into custom views until the update is applied. [1]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-8428. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart