PT-2025-33680 · Komari · Komari
Imlonghao · Published 2025-08-12 · Updated 2025-08-21 · CVE-2025-55300
CVSS v4.0: 8.6 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions:
Komari versions prior to 1.0.4-fix1
Description:
Komari is a server monitoring tool. Origin checking is disabled in its WebSocket upgrader, which creates a Cross-Site WebSocket Hijacking (CSWSH) issue and potentially allows remote code execution against authenticated users. Because the browser attaches the victim's cookies to the WebSocket handshake, an attacker can send requests to the terminal WebSocket endpoint with the victim's browser cookies.
Recommendations:
Update to version 1.0.4-fix1 or later.
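A same-origin check of the kind the description says is disabled, as an added example that is not Komari's code or its actual fix. It uses only Go's standard library (Go is an assumption here); the host name, path, cookie and the choice to reject handshakes that carry no Origin header are made up for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// originAllowed decides whether a WebSocket handshake may proceed. Cookies ride
// along on cross-site handshakes, so Origin is what identifies the calling page.
func originAllowed(r *http.Request) bool {
	u, err := url.Parse(r.Header.Get("Origin"))
	if err != nil || (u.Scheme != "http" && u.Scheme != "https") {
		return false // missing, "null" or malformed Origin
	}
	// Exact host[:port] match only; suffix or substring matching admits look-alikes.
	return u.Host != "" && strings.EqualFold(u.Host, r.Host)
}

// requireSameOrigin rejects the handshake before any upgrade takes place.
func requireSameOrigin(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !originAllowed(r) {
			http.Error(w, "origin not allowed", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// probe runs a constructed handshake (made-up host, path, cookie) and returns the status.
func probe(origin string) int {
	upgrade := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		w.WriteHeader(http.StatusOK) // stand-in for the real protocol upgrade
	})
	req := httptest.NewRequest("GET", "http://monitor.example.test/ws", nil)
	req.Header.Set("Origin", origin)
	req.AddCookie(&http.Cookie{Name: "session", Value: "constructed"})
	rec := httptest.NewRecorder()
	requireSameOrigin(upgrade).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	for _, o := range []string{"https://monitor.example.test", "https://other.example.test", "null"} {
		fmt.Printf("%-32q -> %d\n", o, probe(o))
	}
}
```

The comparison covers host and port only, because a server behind a TLS-terminating proxy cannot reliably tell which scheme the browser used.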
Exploit · Fix · RCE · XSS
Affected Products
Komari