CVE-2025-23199

CVSS 3.1 Score 4.6 of 10 (medium)

Details

Published Jan 16, 2025

CWE ID 79

Summary

CVE-2025-23199 is a stored Cross-Site Scripting (XSS) vulnerability affecting versions of librenms, a community-based network monitoring system, up to 24.10.1. The issue lies in the `/ajax_form.php` endpoint and the `descr` parameter. Successful exploitation allows remote attackers to inject malicious scripts, which are then executed when a user views or interacts with the affected page. Consequences range from unauthorized actions to data exposure. Users are strongly urged to upgrade to version 24.11.0 as there are no known workarounds for this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

LibreNMS

Affected Vendors

LibreNMS

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/2cFa27
https://www.cve.org/CVERecord?id=CVE-2025-23199
https://nvd.nist.gov/vuln/detail/CVE-2025-23199

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners