Vulnerability Description
Komari is a lightweight, self-hosted server monitoring tool designed to provide a simple and efficient solution for monitoring server performance. Prior to 1.0.4-fix1, the WebSocket upgrader had origin checking disabled, enabling Cross-Site WebSocket Hijacking (CSWSH) attacks against authenticated users. Any third-party website can open a connection to the terminal WebSocket endpoint with the browser's cookies attached, resulting in remote code execution. This vulnerability is fixed in 1.0.4-fix1.
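The root cause described above is a WebSocket upgrader whose origin check accepts every Origin, so the browser's ambient cookies authenticate a socket opened by an unrelated site. The following Go example, added here and not taken from Komari's code base or its fix commit, shows that permissive check beside a hardened one that compares the Origin header's host against the request Host and an explicit allowlist, and where such a check belongs relative to the upgrade. The function names, the host names monitor.example and dashboard.example, the allowlist, and the handler wiring are all assumptions made for the example; the real upgrade call is left out.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// permissiveCheckOrigin mirrors the weak configuration the advisory describes:
// every Origin is accepted, so a page on any site can open the socket and the
// browser attaches the victim's session cookies. Constructed for illustration.
func permissiveCheckOrigin(r *http.Request) bool {
	return true
}

// checkOrigin is the hardened form. A browser-initiated request is accepted only
// when the Origin header parses to an http(s) URL whose host (including port)
// equals the Host the request was sent to, or appears in an explicit allowlist.
// "null" and malformed origins fail the parse check and are rejected.
// Non-browser clients send no Origin header at all; allowNoOrigin makes that
// policy decision explicit instead of silently accepting it.
func checkOrigin(r *http.Request, allowed map[string]bool, allowNoOrigin bool) bool {
	origin := r.Header.Get("Origin")
	if origin == "" {
		return allowNoOrigin
	}
	u, err := url.Parse(origin)
	if err != nil || u.Host == "" {
		return false
	}
	if !strings.EqualFold(u.Scheme, "http") && !strings.EqualFold(u.Scheme, "https") {
		return false
	}
	if strings.EqualFold(u.Host, r.Host) {
		return true
	}
	return allowed[strings.ToLower(u.Host)]
}

// newTerminalHandler shows where the check belongs: before the connection is
// upgraded, so a cross-site request is refused while it is still plain HTTP.
// The upgrade itself (a websocket library's Upgrade call) is stood in for by a
// 200 response; this wiring is an assumption, not Komari's handler.
func newTerminalHandler(allowed map[string]bool) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !checkOrigin(r, allowed, false) {
			http.Error(w, "origin not allowed", http.StatusForbidden)
			return
		}
		// A real handler would hand the connection to the WebSocket upgrader here.
		w.WriteHeader(http.StatusOK)
	})
}

// newRequest builds a constructed request to the terminal endpoint with the
// given Origin header, as a browser would send during the upgrade handshake.
func newRequest(origin string) *http.Request {
	r, _ := http.NewRequest("GET", "http://monitor.example/api/terminal", nil)
	if origin != "" {
		r.Header.Set("Origin", origin)
	}
	return r
}

func main() {
	allowed := map[string]bool{"dashboard.example": true}
	for _, o := range []string{"https://evil.example", "http://monitor.example", "https://dashboard.example", "null", ""} {
		r := newRequest(o)
		fmt.Printf("Origin=%q permissive=%v hardened=%v\n",
			o, permissiveCheckOrigin(r), checkOrigin(r, allowed, false))
	}
}
```

Compare the Origin host against `r.Host` exactly, port included, rather than with a suffix match: a suffix match would let monitor.example.attacker-controlled-site pass. Browsers always send Origin on WebSocket handshakes, so rejecting requests without one on a browser-facing terminal endpoint is the safer default.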
Related Weaknesses (CWE)
References
- https://github.com/komari-monitor/komari/commit/d31d12e59febce100ab0285b93338f09
- https://github.com/komari-monitor/komari/security/advisories/GHSA-q355-h244-969h
FAQ
What is CVE-2025-55300?
CVE-2025-55300 is a documented vulnerability. Komari is a lightweight, self-hosted server monitoring tool designed to provide a simple and efficient solution for monitoring server performance. Prior to 1.0.4-fix1, WebSocket upgrader has disabled ...
How severe is CVE-2025-55300?
CVSS scoring is not yet available for CVE-2025-55300. Check NVD for updates.
Is there a patch for CVE-2025-55300?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.