CVE-2025-55296 MEDIUM

CVE-2025-55296: LibreNMS allows stored XSS in Alert Template name field

Vendor Librenms
Product librenms
Weakness CWE-79 · XSS
Published August 18, 2025
Last update August 18, 2025

CVSS base score

5.5/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

librenms is a community-based GPL-licensed network monitoring system. A stored Cross-Site Scripting (XSS) vulnerability exists in LibreNMS (<= 25.6.0) in the Alert Template creation feature. This allows a user with the admin role to inject malicious JavaScript, which will be executed when the template is rendered, potentially compromising other admin accounts. This vulnerability is fixed in 25.8.0.

Key dates

02Disclosure timeline

August 18, 2025 CVE published
August 18, 2025 Record updated