CVE-2025-23199

Name of the Vulnerable Software and Affected Versions Librenms versions prior to 24.11.0

Description The issue is related to a stored XSS vulnerability in the parameter: /ajax form.php -> param: descr. This allows remote attackers to inject malicious scripts, which execute immediately when a user views or interacts with the page displaying the data, potentially leading to unauthorized actions or data exposure.

Recommendations For versions up to 24.10.1, update to version 24.11.0 to resolve the issue. As a temporary workaround, consider restricting access to the /ajax form.php endpoint until the update is applied. Avoid using the descr parameter in the affected API endpoint until the issue is resolved. At the moment, there is no other information about additional workarounds for this vulnerability.