CVE-2025-47931

LibreNMS is PHP/MySQL/SNMP based network monitoring software. LibreNMS v25.4.0 and prior suffers from a Stored Cross-Site Scripting (XSS) Vulnerability in the `group name` parameter of the `http://localhost/poller/groups` form. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users. LibreNMS v25.5.0 contains a patch for the issue.

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/librenms/librenms/blob/25.4.0/includes/html/pages/addhost.inc.php#L284	Product
https://github.com/librenms/librenms/commit/88fe1a7abdb500d9a2d4c45f9872df54c9ff8062	Patch
https://github.com/librenms/librenms/pull/17603	Issue Tracking Patch
https://github.com/librenms/librenms/security/advisories/GHSA-hxw5-9cc5-cmw5	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*

History

28 May 2025, 13:19

Type	Values Removed	Values Added
CPE		cpe:2.3:a:librenms:librenms::::::::
First Time		Librenms librenms Librenms
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.1
References	~~() https://github.com/librenms/librenms/blob/25.4.0/includes/html/pages/addhost.inc.php#L284 -~~	() https://github.com/librenms/librenms/blob/25.4.0/includes/html/pages/addhost.inc.php#L284 - Product
References	~~() https://github.com/librenms/librenms/commit/88fe1a7abdb500d9a2d4c45f9872df54c9ff8062 -~~	() https://github.com/librenms/librenms/commit/88fe1a7abdb500d9a2d4c45f9872df54c9ff8062 - Patch
References	~~() https://github.com/librenms/librenms/pull/17603 -~~	() https://github.com/librenms/librenms/pull/17603 - Issue Tracking, Patch
References	~~() https://github.com/librenms/librenms/security/advisories/GHSA-hxw5-9cc5-cmw5 -~~	() https://github.com/librenms/librenms/security/advisories/GHSA-hxw5-9cc5-cmw5 - Exploit, Vendor Advisory

19 May 2025, 13:35

Type	Values Removed	Values Added
Summary		(es) LibreNMS es un software de monitorización de red basado en PHP/MySQL/SNMP. LibreNMS v25.4.0 y versiones anteriores presenta una vulnerabilidad de Cross-Site Scripting (XSS) almacenado en el parámetro `group name` del formato `http://localhost/poller/groups`. Esta vulnerabilidad permite a los atacantes inyectar scripts maliciosos en páginas web visitadas por otros usuarios. LibreNMS v25.5.0 incluye un parche para solucionar este problema.

17 May 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-17 16:15

Updated : 2025-05-28 13:19

NVD link : CVE-2025-47931

Mitre link : CVE-2025-47931

CVE.ORG link : CVE-2025-47931

JSON object : View

Products Affected

librenms

librenms

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

6.1 /10