CVE-2025-55296

Published: Aug 18, 2025

Modified: Aug 18, 2025

PUBLISHED

CVSS v3.1

5.5

MEDIUM

Description

librenms is a community-based GPL-licensed network monitoring system. A stored Cross-Site Scripting (XSS) vulnerability exists in LibreNMS (<= 25.6.0) in the Alert Template creation feature. This allows a user with the admin role to inject malicious JavaScript, which will be executed when the template is rendered, potentially compromising other admin accounts. This vulnerability is fixed in 25.8.0.

Vendor	Product	Versions
librenms	librenms	affected `< 25.8.0`

Weaknesses (CWE)

CWE-79

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

References

https://github.com/librenms/librenms/security/advisories/GHSA-vxq6-8cwm-wj99

x_refsource_CONFIRM

https://github.com/librenms/librenms/commit/8ade3d827d317f5ac4b336617aafff865f825958

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-55296

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References