Stored Cross-Site Scripting in LibreNMS Network Monitoring Software
CVE-2025-47931

2.1LOW

Key Information:

Vendor

Librenms

Status
Librenms
Vendor
CVE Published:
17 May 2025

What is CVE-2025-47931?

LibreNMS, a network monitoring software based on PHP/MySQL/SNMP, is susceptible to a Stored Cross-Site Scripting vulnerability found in the 'group name' parameter of the poller groups form. This flaw allows attackers to inject malicious scripts that can be executed when other users access the affected web pages, potentially compromising user data and security. Users are advised to upgrade to LibreNMS version 25.5.0 or later, which includes a comprehensive patch addressing this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

librenms < 25.5.0

References

https://github.com/librenms/librenms/security/advisories/...
x_refsource_CONFIRM
https://github.com/librenms/librenms/pull/17603
x_refsource_MISC
https://github.com/librenms/librenms/commit/88fe1a7abdb50...
x_refsource_MISC

CVSS V4

Score:
2.1
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.