Moderate severityNVD Advisory· Published Aug 18, 2025· Updated Aug 18, 2025
LibreNMS allows stored XSS in Alert Template name field
CVE-2025-55296
Description
librenms is a community-based GPL-licensed network monitoring system. A stored Cross-Site Scripting (XSS) vulnerability exists in LibreNMS (<= 25.6.0) in the Alert Template creation feature. This allows a user with the admin role to inject malicious JavaScript, which will be executed when the template is rendered, potentially compromising other admin accounts. This vulnerability is fixed in 25.8.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
librenms/librenmsPackagist | < 25.8.0 | 25.8.0 |
Affected products
2Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-vxq6-8cwm-wj99ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-55296ghsaADVISORY
- github.com/librenms/librenms/commit/8ade3d827d317f5ac4b336617aafff865f825958ghsax_refsource_MISCWEB
- github.com/librenms/librenms/security/advisories/GHSA-vxq6-8cwm-wj99ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.