CVE-2025-47931

6.1 MEDIUM

📋 TL;DR

This stored XSS vulnerability in LibreNMS allows attackers to inject malicious scripts into the 'group name' parameter of the poller groups form. When other users view the affected page, the scripts execute in their browser context. All LibreNMS installations running version 25.4.0 or earlier are affected.

💻 Affected Systems

Products:
  • LibreNMS
Versions: v25.4.0 and prior
Operating Systems: All platforms running LibreNMS
Default Config Vulnerable: ⚠️ Yes
Notes: All installations using the poller groups feature are vulnerable. The vulnerability requires attacker access to create or modify poller groups.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal administrator session cookies, perform actions as authenticated users, redirect users to malicious sites, or install malware via drive-by downloads.

🟠 Likely Case

Session hijacking leading to unauthorized access, data theft, or privilege escalation within the LibreNMS application.

🟢 If Mitigated

Script execution blocked by Content Security Policy or modern browser XSS protections, limiting impact to minor UI manipulation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access to the poller groups interface. The vulnerability is straightforward to exploit once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v25.5.0

Vendor Advisory: https://github.com/librenms/librenms/security/advisories/GHSA-hxw5-9cc5-cmw5

Restart Required: No

Instructions:

1. Back up your LibreNMS installation and database.
2. Update to LibreNMS v25.5.0 using git: 'git pull origin master'.
3. Run database updates: './daily.sh'.
4. Verify the fix by checking the version: './lnms --version'.

🔧 Temporary Workarounds

Input Validation Filter

all

Add server-side input validation to sanitize group name parameters

Edit includes/html/pages/addhost.inc.php and add htmlspecialchars() or similar sanitization to group name inputs

Content Security Policy

all

Implement strict CSP headers to block inline script execution

Add the header "Content-Security-Policy: script-src 'self'" to the web server configuration

🧯 If You Can't Patch

  • Restrict access to poller groups interface to trusted administrators only
  • Implement web application firewall rules to block XSS payloads in group name parameters

🔍 How to Verify

Check if Vulnerable:

Check if your LibreNMS version is 25.4.0 or earlier: './lnms --version'

Check Version:

./lnms --version

Verify Fix Applied:

After updating, verify version is 25.5.0 or later and test group name input with XSS payloads like '<script>alert(1)</script>'

📡 Detection & Monitoring

Log Indicators:

  • Unusual group name entries containing script tags or JavaScript in poller logs
  • Multiple failed XSS attempts in web server logs

Network Indicators:

  • HTTP requests with script tags in POST parameters to /poller/groups endpoint

SIEM Query:

(source="*apache*" OR source="*nginx*") AND "poller/groups" AND ("<script" OR "javascript:" OR "onerror=")
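
The query above matches literal strings, but request parameters usually appear percent-encoded (sometimes double-encoded) in web server logs, so a literal "<script" match can miss them. The following is an added example, not part of the original advisory or of LibreNMS: it normalises each request before applying the same indicators. The log lines, the "group_name" parameter name and the "/devices" path are constructed, and it assumes request parameters are visible in the logged request line.

```python
import re
from urllib.parse import unquote_plus

# Endpoint and indicators are taken from the SIEM query on this page.
ENDPOINT = "poller/groups"
INDICATORS = ("<script", "javascript:", "onerror=")

# Pulls the request target out of a combined-format access log line.
REQUEST_RE = re.compile(r'"(?:GET|POST|PUT|PATCH|DELETE) (?P<target>\S+) HTTP/[\d.]+"')


def normalize(value, max_rounds=3):
    """Percent-decode repeatedly (covers double encoding), then lowercase."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value.lower()


def match_indicators(line):
    """Return the indicators found in a request to the poller groups endpoint."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    target = normalize(m.group("target"))
    if ENDPOINT not in target:
        return []
    return [i for i in INDICATORS if i in target]


# Constructed sample lines; "group_name" is a hypothetical parameter name.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jun/2025:10:00:01 +0000] "POST /poller/groups?group_name=core-routers HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jun/2025:10:00:09 +0000] "POST /poller/groups?group_name=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jun/2025:10:00:15 +0000] "POST /poller/groups?group_name=%253Cscript%253Ealert(1)%253C%252Fscript%253E HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/Jun/2025:10:01:00 +0000] "GET /devices?q=%3Cscript%3E HTTP/1.1" 200 128',
]


def scan(lines):
    """Return (line_number, indicators) for every flagged line."""
    results = ((n, match_indicators(line)) for n, line in enumerate(lines, 1))
    return [(n, found) for n, found in results if found]


if __name__ == "__main__":
    for n, found in scan(SAMPLE_LOG):
        print(f"line {n}: {', '.join(found)}")
```

Lines 2 and 3 of the sample are flagged only after decoding; line 4 is ignored because it does not target the poller groups endpoint.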
