CVE-2025-55296 | THREATINT

Description

librenms is a community-based GPL-licensed network monitoring system. A stored Cross-Site Scripting (XSS) vulnerability exists in LibreNMS (<= 25.6.0) in the Alert Template creation feature. This allows a user with the admin role to inject malicious JavaScript, which will be executed when the template is rendered, potentially compromising other admin accounts. This vulnerability is fixed in 25.8.0.

PUBLISHED Reserved 2025-08-12 | Published 2025-08-18 | Updated 2025-08-18 | Assigner GitHub_M

MEDIUM: 5.5CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Problem types

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

< 25.8.0

affected

References

github.com/...brenms/security/advisories/GHSA-vxq6-8cwm-wj99

github.com/...ommit/8ade3d827d317f5ac4b336617aafff865f825958

cve.org (CVE-2025-55296)

nvd.nist.gov (CVE-2025-55296)

Download JSON