CVE-2025-23198

4.6 MEDIUM

📋 TL;DR

This stored XSS vulnerability in LibreNMS allows attackers to inject malicious scripts into device display parameters. When administrators view or edit affected devices, the scripts execute in their browser context, potentially leading to session hijacking or unauthorized actions. All LibreNMS instances up to version 24.10.1 are affected.

💻 Affected Systems

Products:
  • LibreNMS
Versions: Up to and including 24.10.1
Operating Systems: All platforms running LibreNMS
Default Config Vulnerable: ⚠️ Yes
Notes: All installations using affected versions are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Administrator account compromise leading to full system takeover, data exfiltration, or deployment of additional malware.

🟠 Likely Case

Session hijacking of authenticated users, unauthorized configuration changes, or credential theft.

🟢 If Mitigated

Limited impact if proper input validation and output encoding are in place, though risk remains until patched.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access to edit device parameters, but because the payload is stored, it persists and fires each time an administrator views or edits the affected device.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 24.11.0

Vendor Advisory: https://github.com/librenms/librenms/security/advisories/GHSA-pm8j-3v64-92cq

Restart Required: No

Instructions:

1. Back up your LibreNMS installation and database.
2. Update LibreNMS to version 24.11.0 or later using your preferred update method (git pull, package manager, or manual download).
3. Run ./daily.sh to update the database schema if needed.
4. Verify that the update completed successfully.

🧯 If You Can't Patch

  • Restrict access to device edit functionality to trusted administrators only.
  • Implement web application firewall rules to block XSS payloads in device parameters.

🔍 How to Verify

Check if Vulnerable:

Check the LibreNMS version via the web interface or the command line. If the version is 24.10.1 or earlier, the installation is vulnerable.

Check Version:

cd /opt/librenms && ./lnms --version

Verify Fix Applied:

After updating, confirm that the reported version is 24.11.0 or later, then test the device edit functionality with XSS payloads to confirm that input is sanitized.
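The version check above is easy to get wrong across a fleet when the string printed by ./lnms --version carries a git commit suffix or surrounding text. The following is an added example, not LibreNMS code: it extracts the x.y.z triple from such output and compares it with the ranges stated in this advisory (24.10.1 and earlier affected, 24.11.0 and later fixed). The sample strings are constructed for the example.

```python
"""Classify a LibreNMS version string against the advisory's affected range.

Added example, not part of LibreNMS. It parses whatever text the operator
collected (output of ./lnms --version, or a value copied from the web UI)
and compares the x.y.z triple with the thresholds given in the advisory.
"""
import re

AFFECTED_MAX = (24, 10, 1)   # last affected release per the advisory
FIXED_MIN = (24, 11, 0)      # first fixed release per the advisory

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the first x.y.z triple found in `text` as a tuple of ints.

    Extra text ("LibreNMS 24.10.1") and git-describe suffixes
    ("24.10.1-37-gabcdef1") are ignored; a checkout between two tags is
    therefore classified by the older tag, which is the conservative choice.
    """
    match = VERSION_RE.search(text)
    if not match:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def is_vulnerable(text):
    """True when the version is 24.10.1 or earlier."""
    return parse_version(text) <= AFFECTED_MAX


def is_fixed(text):
    """True when the version is 24.11.0 or later."""
    return parse_version(text) >= FIXED_MIN


def classify(text):
    """Map a version string to 'vulnerable', 'fixed' or 'unknown' (unparsable)."""
    try:
        return "vulnerable" if is_vulnerable(text) else "fixed"
    except ValueError:
        return "unknown"


# Constructed sample outputs, as an operator might collect them from several hosts.
SAMPLE_OUTPUTS = {
    "nms-01": "LibreNMS 24.10.1",
    "nms-02": "24.11.0",
    "nms-03": "24.10.1-37-gabcdef1",   # git checkout past the 24.10.1 tag
    "nms-04": "25.1.0",
    "nms-05": "command not found",
}

if __name__ == "__main__":
    for host, output in SAMPLE_OUTPUTS.items():
        print(f"{host}: {classify(output)} ({output})")
```

Run it on the real output of ./lnms --version from each host; anything that classifies as "unknown" should be inspected by hand rather than assumed safe.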

📡 Detection & Monitoring

Log Indicators:

  • Unusual device parameter modifications containing script tags or JavaScript code
  • Multiple failed login attempts followed by device edits

Network Indicators:

  • HTTP POST requests to /device/*/edit with suspicious parameter values

SIEM Query:

source="librenms" AND (uri_path="/device/*/edit" AND (param_value CONTAINS "<script>" OR param_value CONTAINS "javascript:"))
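To make the log and network indicators above actionable without a SIEM, here is an added example (not LibreNMS or vendor code) of the same logic applied to request logs. It assumes a reverse proxy or WAF in front of LibreNMS writes one JSON object per request that includes the decoded POST form fields (an assumption; adjust the field names to your logging pipeline). It flags POST requests to /device/<id>/edit whose form values contain script markers, decoding percent- and entity-encoded values first so that encoded payloads are not missed. The log lines are constructed for the example.

```python
"""Flag suspected stored-XSS attempts against LibreNMS device edit forms.

Added example, not LibreNMS code. Assumes a reverse proxy or WAF logs one
JSON object per request with keys "method", "path", "user" and "form"
(the decoded POST fields). The sample lines below are constructed.
"""
import html
import json
import re
from urllib.parse import unquote_plus

# Network indicator from the advisory: POST /device/<id>/edit
DEVICE_EDIT_PATH = re.compile(r"^/device/[^/]+/edit$")

# Coarse script-injection markers: script tags, javascript: URLs, tags that
# commonly carry event handlers, and a short list of handler attributes.
# Kept narrow to limit false positives on ordinary device descriptions.
XSS_MARKERS = re.compile(
    r"<\s*script|javascript\s*:|<\s*(?:img|svg|iframe|body)\b"
    r"|\bon(?:error|load|click|mouse\w+|focus|blur)\s*=",
    re.IGNORECASE,
)


def normalise(value):
    """Undo percent- and entity-encoding (twice, to catch double encoding)."""
    decoded = value
    for _ in range(2):
        decoded = html.unescape(unquote_plus(decoded))
    return decoded


def suspicious_params(record):
    """Return names of form fields whose decoded value trips a marker."""
    if record.get("method") != "POST":
        return []
    if not DEVICE_EDIT_PATH.match(record.get("path", "")):
        return []
    return [
        name for name, value in record.get("form", {}).items()
        if isinstance(value, str) and XSS_MARKERS.search(normalise(value))
    ]


def scan_log(lines):
    """Yield (user, path, fields) for each request that looks like an attempt."""
    for line in lines:
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip unparsable lines instead of aborting the scan
        fields = suspicious_params(record)
        if fields:
            yield record.get("user", "?"), record["path"], fields


# Constructed sample log: one benign edit, one plain payload, one
# percent-encoded payload, one GET (ignored) and one unparsable line.
SAMPLE_LOG = [
    '{"method": "POST", "path": "/device/17/edit", "user": "alice", '
    '"form": {"display": "core-sw-01", "purpose": "Core switch, rack 4"}}',
    '{"method": "POST", "path": "/device/17/edit", "user": "mallory", '
    '"form": {"display": "core-sw-01<script>alert(1)</script>"}}',
    '{"method": "POST", "path": "/device/42/edit", "user": "mallory", '
    '"form": {"purpose": "%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E"}}',
    '{"method": "GET", "path": "/device/17/edit", "user": "bob", "form": {}}',
    'not json at all',
]


def findings():
    """Run the scan over the constructed sample log and return the hits."""
    return list(scan_log(SAMPLE_LOG))


if __name__ == "__main__":
    for user, path, fields in findings():
        print(f"ALERT user={user} path={path} fields={','.join(fields)}")
```

Because the payload is stored, a hit here should prompt a review of the affected device's display and description fields in the database, not just of the request that delivered it.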
