CVE-2025-12511 in Infra Monitoring
Summary
by MITRE • 01/05/2026
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (DSM extension configuration modules) allows Stored XSS to user with elevated privileges.
This issue affects Infra Monitoring: from 25.10.0 before 25.10.1, from 24.10.0 before 24.10.4, from 24.04.0 before 24.04.8.
Analysis
by VulDB Data Team • 01/26/2026
CVE-2025-12511 is a critical cross-site scripting weakness in the DSM extension configuration modules of Centreon Infra Monitoring, caused by improper neutralization of input during web page generation. The flaw enables stored cross-site scripting attacks that can be exploited by users possessing elevated privileges, creating a significant security risk for organizations relying on Centreon's infrastructure monitoring capabilities. Affected versions are 25.10.0, 24.10.0 through 24.10.3, and 24.04.0 through 24.04.7, so the impact spans several major releases of the monitoring platform.
The technical implementation of this vulnerability stems from inadequate input validation and sanitization mechanisms within the web application's content generation pipeline. When privileged users interact with the DSM extension configuration modules, malicious input containing script payloads can be stored within the application's database or configuration files. This stored data is subsequently rendered in web pages without proper escaping or encoding, allowing the injected scripts to execute in the context of other users' browsers. The flaw specifically falls under CWE-79, which categorizes improper neutralization of input during web page generation as a primary weakness enabling XSS attacks, with the stored nature of this vulnerability making it particularly dangerous as it can affect multiple users over time.
The operational impact of this vulnerability extends beyond simple data theft or session hijacking, as it provides attackers with the ability to manipulate the monitoring environment itself. A user with elevated privileges can inject malicious scripts that could redirect users to phishing sites, steal sensitive monitoring credentials, or even modify configuration settings that affect system availability. Because the XSS is stored, the malicious payloads persist once injected and can affect all users who view the affected pages, potentially compromising the integrity of the entire monitoring infrastructure. This creates a persistent threat vector that can undermine the trustworthiness of monitoring data and system alerts, making it particularly concerning for security operations teams relying on Centreon for infrastructure visibility.
Organizations should immediately implement mitigations, starting with upgrading to the patched versions 25.10.1, 24.10.4, and 24.04.8 to address the vulnerability. Network segmentation and access controls should be strengthened to limit the number of users with elevated privileges, while input validation should be enhanced at multiple layers of the application stack. The ATT&CK framework categorizes this vulnerability under T1566.001 for credential access through phishing and T1071.001 for application layer protocol usage, highlighting the potential for broader exploitation once initial access is gained. Implementing Content Security Policy headers and regular security scanning of web application inputs can provide further defense-in-depth measures to protect against similar vulnerabilities in the future.
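A version check built from the affected ranges listed in the summary, as an added example that is not part of the advisory or of Centreon's code. It assumes the installed version string of the affected component has already been collected per host; the host names and inventory below are constructed.

```python
import re

# Affected ranges as stated in the advisory: (first affected, first fixed).
AFFECTED_RANGES = [
    ((25, 10, 0), (25, 10, 1)),
    ((24, 10, 0), (24, 10, 4)),
    ((24, 4, 0), (24, 4, 8)),
]

def parse_version(text):
    """Parse 'MAJOR.MINOR.PATCH'; package suffixes such as '-1.el9' are ignored."""
    m = re.match(r"\s*v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) for g in m.groups())

def check_version(text):
    """Return (status, fixed_version); status is 'affected', 'fixed' or 'not-listed'."""
    version = parse_version(text)
    for first_affected, first_fixed in AFFECTED_RANGES:
        if version[:2] != first_affected[:2]:
            continue  # different release line
        fixed = "{}.{:02d}.{}".format(*first_fixed)
        if first_affected <= version < first_fixed:
            return "affected", fixed
        return "fixed", fixed
    # Release line not mentioned in the advisory: nothing can be concluded from it.
    return "not-listed", None

def hosts_to_upgrade(inventory):
    """Map host -> fixed version for every host running an affected version."""
    result = {}
    for host, installed in inventory.items():
        status, fixed = check_version(installed)
        if status == "affected":
            result[host] = fixed
    return result

if __name__ == "__main__":
    # Constructed sample inventory (hypothetical host names and versions).
    sample = {
        "mon-central": "24.10.3",
        "mon-poller-1": "24.04.8",
        "mon-lab": "25.10.0-1.el9",
        "mon-legacy": "23.10.5",
    }
    for host, fixed in hosts_to_upgrade(sample).items():
        print(f"{host}: affected, upgrade to {fixed}")
```

Hosts reported as `not-listed` run a release line the advisory does not mention and need a separate look at the vendor's support status.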