Description

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. LibreNMS versions 25.6.0 and below contain an architectural vulnerability in the ajax_form.php endpoint that permits Remote File Inclusion based on user-controlled POST input. The application directly uses the type parameter to dynamically include .inc.php files from the trusted path includes/html/forms/, without validation or allowlisting. This pattern introduces a latent Remote Code Execution (RCE) vector if an attacker can stage a file in this include path — for example, via symlink, development misconfiguration, or chained vulnerabilities. This is fixed in version 25.7.0.

INFO

Published Date :

2025-07-22T21:33:59.149Z

Last Modified :

2025-07-23T18:26:50.196Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-54138 vulnerability.

Vendors Products
Librenms
  • Librenms
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-54138.

URL Resource
https://github.com/librenms/librenms/commit/ec89714d929ef0cf2321957ed9198b0f18396c81 cve-icon cve-icon
https://github.com/librenms/librenms/pull/17990 cve-icon cve-icon
https://github.com/librenms/librenms/releases/tag/25.7.0 cve-icon cve-icon
https://github.com/librenms/librenms/security/advisories/GHSA-gq96-8w38-hhj2 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact