Home > Vulnerability Database > CVE-2025-55300

Mend.io Vulnerability Database

CVE-2025-55300

Good to know:

Date: August 18, 2025

Komari is a lightweight, self-hosted server monitoring tool designed to provide a simple and efficient solution for monitoring server performance. Prior to 1.0.4-fix1, WebSocket upgrader has disabled origin checking, enabling Cross-Site WebSocket Hijacking (CSWSH) attacks against authenticated users. Any third party website can send requests to the terminal websocket endpoint with browser's cookies, resulting in remote code execution. This vulnerability is fixed in 1.0.4-fix1.

Severity Score

8.8

Related Resources (8)

Url: https://github.com/komari-monitor/komari

Url: https://github.com/komari-monitor/komari/commit/53171affcaf050145810efaaef420651a6e630be

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-55300

Url: https://github.com/komari-monitor/komari/commit/d31d12e59febce100ab0285b93338f09aa5d6cb1

Url: https://github.com/komari-monitor/komari/releases/tag/1.0.4-fix2

Url: https://github.com/komari-monitor/komari/blob/bd5a6934e1b79a12cf1e6a9bba5372d0e04f3abc/api/terminal.go#L33-L35

Url: https://github.com/komari-monitor/komari/security/advisories/GHSA-q355-h244-969h

Url: https://www.mend.io/vulnerability-database/CVE-2025-55300

Severity Score

8.8

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Top Fix

Upgrade Version

Upgrade to version https://github.com/komari-monitor/komari.git - 1.0.4-fix1

Learn More

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-55300

Good to know:

Date: August 18, 2025

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?