HTTP: LibreNMS Device Misc dynamic_override_config Stored Cross-Site Scripting
This signature detects attempts to exploit a known cross-site scripting vulnerability against LibreNMS. It is due to insufficient validation of user-supplied input. Attackers can steal cookie-based authentication credentials and launch other attacks.
Extended Description
librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameter: `ajax_form.php` -> param: state. Librenms versions up to 24.10.1 allow remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. This issue has been addressed in release version 24.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Affected Products
Librenms librenms
References
CVE: CVE-2025-23199
Short Name
HTTP:XSS:LIBRE-NMS-DVCE-MSC
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2025-23199 CVE-2025-23200 Cross-Site Device LibreNMS Misc Scripting Stored dynamic_override_config
Release Date
04/02/2025
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3797
False Positive
Unknown
Vendors
Librenms