Home > Vulnerability Database > CVE-2025-47931

Mend.io Vulnerability Database

CVE-2025-47931

Good to know:

Date: May 17, 2025

LibreNMS is PHP/MySQL/SNMP based network monitoring software. LibreNMS v25.4.0 and prior suffers from a Stored Cross-Site Scripting (XSS) Vulnerability in the "group name" parameter of the "http://localhost/poller/groups"; form. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users. LibreNMS v25.5.0 contains a patch for the issue.

Severity Score

6.1

Related Resources (7)

Url: https://github.com/librenms/librenms/commit/88fe1a7abdb500d9a2d4c45f9872df54c9ff8062

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-47931

Url: https://github.com/librenms/librenms/security/advisories/GHSA-hxw5-9cc5-cmw5

Url: https://github.com/librenms/librenms/blob/25.4.0/includes/html/pages/addhost.inc.php#L284

Url: https://github.com/librenms/librenms/pull/17603

Url: https://github.com/librenms/librenms

Url: https://www.mend.io/vulnerability-database/CVE-2025-47931

Severity Score

6.1

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Top Fix

Upgrade Version

Upgrade to version https://github.com/librenms/librenms.git - 25.5.0

Learn More

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-47931

Good to know:

Date: May 17, 2025

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?