CVE-2025-23198
CVSS 3.1 Score 4.6 of 10 (medium)
Details
Summary
CVE-2025-23198 is a stored Cross-Site Scripting (XSS) vulnerability in LibreNMS, a GPL-licensed network monitoring system. Versions up to 24.10.1 are vulnerable: a script injected through the "display" parameter of the /device/$DEVICE_ID/edit endpoint is stored and executes when a user opens or interacts with the affected page, potentially resulting in unauthorized actions or data exposure. LibreNMS users are advised to upgrade to version 24.11.0 immediately to mitigate this risk. No known workarounds are available for this vulnerability.
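A triage check for the exposure described above, written for this page as an added example and not taken from LibreNMS or the advisory: it compares an installed version against the fixed release and flags stored display values that contain markup. The record field names (device_id, display) and the sample rows are assumptions constructed for illustration.

```python
import re

FIXED = (24, 11, 0)  # first fixed release named in the summary

# Angle brackets, inline event-handler attributes and javascript: URLs
# have no place in a plain-text device display name.
MARKUP = re.compile(r"[<>]|\bon\w+\s*=|javascript:", re.IGNORECASE)


def parse_version(text):
    """'24.10.1' or '24.10.1-45-gabc123' -> (24, 10, 1)."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def is_vulnerable(version_text):
    """True when the version is older than the fixed release.
    A build suffix after the tag is ignored, so a development build on
    top of 24.10.1 is conservatively treated as vulnerable."""
    return parse_version(version_text) < FIXED


def suspicious_displays(devices):
    """Return (device_id, display) for values that look like HTML/JS."""
    return [(d["device_id"], d["display"]) for d in devices
            if d.get("display") and MARKUP.search(d["display"])]


# Constructed sample records (assumed field names, not a real export).
SAMPLE = [
    {"device_id": 1, "display": "core-sw1 (rack 4)"},
    {"device_id": 2, "display": None},
    {"device_id": 3, "display": "<script>/* constructed */</script>"},
    {"device_id": 4, "display": 'lab" onfocus=test'},
]

if __name__ == "__main__":
    print("vulnerable:", is_vulnerable("24.10.1"))
    for device_id, value in suspicious_displays(SAMPLE):
        print(f"review device {device_id}: {value!r}")
```

Values flagged on an instance that ran a vulnerable version are worth reviewing even after the upgrade, since stored content persists across it.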
Affected Products
- LibreNMS
Affected Vendors
- LibreNMS