CVE-2025-8428
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-14

Last updated on: 2025-10-22

Assigner: Centreon

Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (HTTP Loader widget modules) allows Stored XSS.This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-14
Last Modified
2025-10-22
Generated
2026-05-07
AI Q&A
2025-10-14
EPSS Evaluated
2026-05-05
NVD
CVE-2025-8428
EUVD
EUVD-2025-34210
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
centreon centreon_web From 23.10.0 (inc) to 23.10.28 (exc)
centreon centreon_web From 24.04.0 (inc) to 24.04.18 (exc)
centreon centreon_web From 24.10.0 (inc) to 24.10.13 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-8428 is a Stored Cross-site Scripting (XSS) vulnerability in Centreon Infra Monitoring's HTTP Loader widget modules. It allows a user with minimal privileges, such as monitoring rights, to inject malicious JavaScript code into a custom view. This injected code can then be used to impersonate an administrator or supervisor by spoofing their session. [1]


How can this vulnerability impact me? :

This vulnerability can lead to session impersonation of administrators or supervisors, allowing attackers to potentially access sensitive information or perform actions with elevated privileges. Although it does not affect data integrity or availability, it has a high impact on confidentiality. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection of CVE-2025-8428 involves monitoring for attempts to inject JavaScript payloads into custom views by users with monitoring privileges. Network traffic analysis tools or web application scanners can be used to detect suspicious input patterns or payloads targeting the Centreon Web HTTP Loader widget modules. Specific commands are not provided in the available resources. [1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include updating Centreon Web to the fixed versions 24.10.13, 24.04.18, or 23.10.28, which contain cumulative patches addressing this vulnerability. Users with monitoring privileges should be cautious about inputting data into custom views until the update is applied. [1]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart