CVE-2025-55296

Exploit

EPSS 0.01%
Veröffentlicht 18.08.2025 17:27:52
Zuletzt bearbeitet 10.09.2025 14:23:14
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

librenms is a community-based GPL-licensed network monitoring system. A stored Cross-Site Scripting (XSS) vulnerability exists in LibreNMS (<= 25.6.0) in the Alert Template creation feature. This allows a user with the admin role to inject malicious JavaScript, which will be executed when the template is rendered, potentially compromising other admin accounts. This vulnerability is fixed in 25.8.0.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Librenms ≫ Librenms Version < 25.8.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.002

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.3	2.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
security-advisories@github.com	5.5	2.3	2.7	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://github.com/librenms/librenms/security/advisories/GHSA-vxq6-8cwm-wj99

Vendor Advisory

Exploit

https://github.com/librenms/librenms/commit/8ade3d827d317f5ac4b336617aafff865f825958

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-55296

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-55296

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-55296

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-55296