CVE-2025-55296

librenms is a community-based GPL-licensed network monitoring system. A stored Cross-Site Scripting (XSS) vulnerability exists in LibreNMS (<= 25.6.0) in the Alert Template creation feature. This allows a user with the admin role to inject malicious JavaScript, which will be executed when the template is rendered, potentially compromising other admin accounts. This vulnerability is fixed in 25.8.0.

Published: Aug 18, 2025
Updated: Aug 20, 2025
CVE: CVE-2025-55296
GHSA: GHSA-vxq6-8cwm-wj99
Severity: Medium
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
librenms / librenms	-	25.8.0

https://github.com/librenms/librenms/commit/8ade3d827d317f5ac4b336617aafff865f825958
https://github.com/librenms/librenms/security/advisories/GHSA-vxq6-8cwm-wj99

Vulnerability Database

CVE-2025-55296

Deep Security Visibility Without the Complexity