LibreNMS allows stored XSS in Alert Template name field

5.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Description

librenms is a community-based GPL-licensed network monitoring system. A stored Cross-Site Scripting (XSS) vulnerability exists in LibreNMS (<= 25.6.0) in the Alert Template creation feature. This allows a user with the admin role to inject malicious JavaScript, which will be executed when the template is rendered, potentially compromising other admin accounts. This vulnerability is fixed in 25.8.0.

Basic Information

ID CVE-2025-55296

Source GitHub_M

Published Aug 18, 2025 at 17:27

Modified Aug 18, 2025 at 17:38

Affected Product

Vendor librenms

Product librenms

Version < 25.8.0

Affected Versions librenms librenms < 25.8.0

CWE Classification

CWE-79

References

{
    "lastseen": "",
    "description": "librenms is a community-based GPL-licensed network monitoring system. A stored Cross-Site Scripting (XSS) vulnerability exists in LibreNMS (<= 25.6.0) in the Alert Template creation feature. This allows a user with the admin role to inject malicious JavaScript, which will be executed when the template is rendered, potentially compromising other admin accounts. This vulnerability is fixed in 25.8.0.",
    "published": "2025-08-18T17:27:52.662Z",
    "modified": "2025-08-18T17:38:16.117Z",
    "type": "cve",
    "title": "LibreNMS allows stored XSS in Alert Template name field",
    "source": "GitHub_M",
    "references": "https://github.com/librenms/librenms/security/advisories/GHSA-vxq6-8cwm-wj99\nhttps://github.com/librenms/librenms/commit/8ade3d827d317f5ac4b336617aafff865f825958",
    "id": "CVE-2025-55296",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "librenms librenms < 25.8.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "librenms",
    "version": "< 25.8.0",
    "vendor": "librenms",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

LibreNMS allows stored XSS in Alert Template name field_CVE-2025-55296