Vulnerability Description
LibreNMS is PHP/MySQL/SNMP-based network monitoring software. LibreNMS v25.4.0 and prior are affected by a stored cross-site scripting (XSS) vulnerability in the `group name` parameter of the `http://localhost/poller/groups` form. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users. LibreNMS v25.5.0 contains a patch for the issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Librenms | Librenms | < 25.5.0 |
Related Weaknesses (CWE)
References
- https://github.com/librenms/librenms/blob/25.4.0/includes/html/pages/addhost.inc (Product)
- https://github.com/librenms/librenms/commit/88fe1a7abdb500d9a2d4c45f9872df54c9ff (Patch)
- https://github.com/librenms/librenms/pull/17603 (Issue Tracking, Patch)
- https://github.com/librenms/librenms/security/advisories/GHSA-hxw5-9cc5-cmw5 (Exploit, Vendor Advisory)
FAQ
What is CVE-2025-47931?
CVE-2025-47931 is a vulnerability with a CVSS score of 6.1 (MEDIUM). LibreNMS is PHP/MySQL/SNMP based network monitoring software. LibreNMS v25.4.0 and prior suffers from a Stored Cross-Site Scripting (XSS) Vulnerability in the `group name` parameter of the `http://loc...
How severe is CVE-2025-47931?
CVE-2025-47931 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2025-47931?
Check the references section above for vendor advisories and patch information. Affected products include: Librenms Librenms.