
CVE-2025-54138

· Published 22/07/2025 22:15 · Modified 22/07/2025 22:15

Labels: CVE-2025-54138, 2025-07-22, CWE-98, [email protected]

Essential information

Published: 22/07/2025 22:15
Modified: 22/07/2025 22:15
Author
Creator
CVSS: 7.5 HIGH (v3.1)
CISA KEV: No
CWE: CWE-98
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring system that includes support for a wide range of network hardware and operating systems. LibreNMS versions 25.6.0 and below contain an architectural vulnerability in the ajax_form.php endpoint that permits Remote File Inclusion based on user-controlled POST input. The application directly uses the type parameter to dynamically include .inc.php files from the trusted path includes/html/forms/, without validation or allowlisting. This pattern introduces a latent Remote Code Execution (RCE) vector if an attacker can stage a file in this include path — for example, via symlink, development misconfiguration, or chained vulnerabilities. This is fixed in version 25.7.0.
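To make the weakness class concrete, the following is an added illustrative example written for this record; it is not LibreNMS code and does not reproduce the project's ajax_form.php. It contrasts the unsafe pattern the description names (an include path built directly from the POST type parameter) with an allowlist-based loader. The form names in the allowlist, the FormLoader class, its method names and the directory layout are assumptions for illustration.

```php
<?php
// Added example (not LibreNMS code). Demonstrates CWE-98: an include path
// assembled from a request parameter, beside a hardened replacement.
declare(strict_types=1);

// --- Unsafe pattern (schematic, assumed for illustration) ---
function includeFormUnsafe(string $formsDir, array $post): void
{
    // The client-supplied value is spliced straight into the include path.
    // Any file the web server can read under $formsDir (including one reached
    // through a symlink placed there) with a .inc.php suffix becomes executable code.
    $type = $post['type'] ?? '';
    include $formsDir . '/' . $type . '.inc.php';
}

// --- Hardened pattern: explicit allowlist plus canonical path containment ---
final class FormLoader
{
    /** @var string[] Fixed set of form handlers this endpoint may load (assumed names). */
    private const ALLOWED = ['device-edit', 'port-settings', 'alert-rule'];

    public function __construct(private string $formsDir)
    {
    }

    /**
     * Map a requested form name to an on-disk path, or return null if it is not
     * permitted. Checks, in order: exact allowlist membership, a strict token
     * pattern, and that the resolved real path stays inside the forms directory.
     */
    public function resolve(string $type): ?string
    {
        if (!in_array($type, self::ALLOWED, true)) {
            return null;
        }
        // Defence in depth: even allowlisted entries must be plain tokens.
        if (!preg_match('/\A[a-z0-9][a-z0-9_-]*\z/', $type)) {
            return null;
        }
        $base = realpath($this->formsDir);
        $file = realpath($this->formsDir . '/' . $type . '.inc.php');
        if ($base === false || $file === false) {
            return null;
        }
        // realpath() follows symlinks, so a link under $formsDir that points
        // outside the directory fails this containment check.
        if (!str_starts_with($file, $base . DIRECTORY_SEPARATOR)) {
            return null;
        }
        return $file;
    }

    /** Entry point for the request: reject and log anything not resolvable. */
    public function load(array $post): void
    {
        $requested = (string) ($post['type'] ?? '');
        $file = $this->resolve($requested);
        if ($file === null) {
            // Logging the rejected value gives defenders a detection signal.
            error_log('rejected form type: ' . substr($requested, 0, 64));
            http_response_code(400);
            echo json_encode(['status' => 'error', 'message' => 'unknown form type']);
            return;
        }
        include $file;
    }
}

// Usage under the assumed layout:
// (new FormLoader(__DIR__ . '/includes/html/forms'))->load($_POST);
```

The allowlist is the control that actually closes the issue: the request no longer chooses a file, it chooses an entry in a fixed table. The realpath containment check is secondary and covers the symlink case the description mentions, and the error_log call gives a simple hook for alerting on probing of the endpoint.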

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

Product            CPE
librenms / librenms    cpe:2.3:a:librenms:librenms:25.6.0:*:*:*:*:*:*:*
librenms / librenms    cpe:2.3:a:librenms:librenms:<25.7.0:*:*:*:*:*:*

References