CVE-2025-54138 HIGH

CVE-2025-54138: LibreNMS has Authenticated Local File Inclusion in ajax_form.php that Allows RCE

Vendor Librenms
Product librenms
Weakness CWE-98 · PHP file inclusion
Published July 22, 2025
Last update July 23, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

Description

LibreNMS is an auto-discovering, PHP/MySQL/SNMP-based network monitoring system that includes support for a wide range of network hardware and operating systems. LibreNMS versions 25.6.0 and below contain an architectural vulnerability in the ajax_form.php endpoint that permits Remote File Inclusion based on user-controlled POST input. The application uses the type parameter directly to dynamically include .inc.php files from the trusted path includes/html/forms/, without validation or allowlisting. This pattern introduces a latent Remote Code Execution (RCE) vector if an attacker can stage a file in this include path — for example, via a symlink, a development misconfiguration, or chained vulnerabilities. This is fixed in version 25.7.0.
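The pattern the description refers to, shown as an added illustration beside an allowlisted and canonicalised version. This is not LibreNMS's code: the form names, the base path layout and the resolve_form_include() helper are hypothetical, chosen only to show why an allowlist plus a realpath() containment check closes both the traversal and the symlink case mentioned above.

```php
<?php
// Constructed illustration, not code from LibreNMS.

// Unsafe pattern: the request parameter decides which file is included.
// "type" is attacker-controlled, so any readable .inc.php reachable from
// the base directory (including via a planted symlink) would be executed.
function include_form_unsafe(string $type, string $base): void
{
    include $base . '/' . $type . '.inc.php';
}

// Hardened pattern: allowlist the form names, then verify that the
// resolved (symlink-free) path still lives inside the intended directory.
// Returns the canonical path to include, or null to refuse the request.
function resolve_form_include(string $type, array $allowed, string $base): ?string
{
    // 1. Only names the application actually ships may be requested.
    if (!in_array($type, $allowed, true)) {
        return null;
    }

    // 2. realpath() resolves "..", "." and symlinks; it returns false when
    //    the target does not exist, which also rejects dangling links.
    $baseReal = realpath($base);
    $target   = realpath($base . '/' . $type . '.inc.php');
    if ($baseReal === false || $target === false) {
        return null;
    }

    // 3. The canonical target must be strictly inside the canonical base,
    //    so a symlink in the forms directory pointing elsewhere is refused.
    $prefix = rtrim($baseReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }

    return $target;
}

// Usage (hypothetical form names and base path):
$allowedForms = ['device-edit', 'port-notes'];
$base = __DIR__ . '/includes/html/forms';
$type = (string) ($_POST['type'] ?? '');

$file = resolve_form_include($type, $allowedForms, $base);
if ($file === null) {
    http_response_code(400);
    exit('Unknown form type');
}
include $file;
```

A request with type set to "../../config" or to a name that is not in $allowedForms is rejected at step 1; a file whose name is allowlisted but that has been replaced by a symlink outside the base directory is rejected at step 3.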

Key dates

Disclosure timeline

July 22, 2025 CVE published
July 23, 2025 Record updated
