CVE-2025-23200
CVSS 3.1 Score 4.6 of 10 (medium)
Details
Published Jan 16, 2025
CWE ID 79
Summary
CVE-2025-23200 is a stored XSS vulnerability affecting versions of the LibreNMS network monitoring system up to 24.10.1. The issue lies in the 'state' parameter of the `ajax_form.php` file. An attacker can inject malicious scripts into this parameter, which then execute when a user interacts with or views the affected page. The consequences of this vulnerability include unauthorized actions and potential data exposure. Users are urged to upgrade to LibreNMS release version 24.11.0 to mitigate this risk, as there are currently no known workarounds for this issue.
Affected Products
- LibreNMS
Affected Vendors
- LibreNMS