Description

Komari is a lightweight, self-hosted server monitoring tool designed to provide a simple and efficient solution for monitoring server performance. Prior to 1.0.4-fix1, WebSocket upgrader has disabled origin checking, enabling Cross-Site WebSocket Hijacking (CSWSH) attacks against authenticated users. Any third party website can send requests to the terminal websocket endpoint with browser's cookies, resulting in remote code execution. This vulnerability is fixed in 1.0.4-fix1.

INFO

Published Date :

2025-08-18T17:41:37.372Z

Last Modified :

2025-08-18T17:52:19.481Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-55300 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-55300.

URL Resource
https://github.com/komari-monitor/komari/commit/d31d12e59febce100ab0285b93338f09aa5d6cb1 cve-icon cve-icon
https://github.com/komari-monitor/komari/security/advisories/GHSA-q355-h244-969h cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability