CVE-2025-54138
BaseFortify
Publication date: 2025-07-22
Last updated on: 2025-08-05
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| librenms | librenms | all versions before 25.7.0 (25.7.0 excluded) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-98 | The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in LibreNMS versions 25.6.0 and below, in the ajax_form.php endpoint. It allows Remote File Inclusion (RFI) through a user-controlled POST parameter called 'type'. The application builds an include path from that parameter and dynamically includes .inc.php files from a trusted directory without validating or allowlisting the value, so an attacker who can place a file in the include path (for example through a symlink or a misconfigured upload location) can get it included and executed. This can result in Remote Code Execution (RCE).
How can this vulnerability impact me?
If exploited, this vulnerability can allow an attacker to execute arbitrary code on the server running LibreNMS. This can lead to full compromise of the system, unauthorized access to sensitive data, disruption of network monitoring services, and potential lateral movement within the network.
What immediate steps should I take to mitigate this vulnerability?
Upgrade LibreNMS to version 25.7.0 or later, as this version contains the fix for the Remote File Inclusion vulnerability in ajax_form.php. Additionally, review and restrict access to the includes/html/forms/ directory to prevent unauthorized file staging, and audit your system for any symlinks or misconfigurations that could allow an attacker to place malicious files in the include path.
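The pattern described above (a request parameter interpolated into an include path, CWE-98) and the allowlisting the fix relies on, shown as an added PHP illustration. This is constructed example code, not LibreNMS's own ajax_form.php; the directory name, the handler names in the allowlist and the function names are assumptions.

```php
<?php
// Constructed illustration of CWE-98 and its remediation; not LibreNMS code.
declare(strict_types=1);

// Assumed trusted directory holding the per-form include files.
const FORMS_DIR = __DIR__ . '/includes/html/forms';

// Vulnerable pattern: the 'type' POST parameter goes straight into the include
// path. Any value that resolves to a readable .inc.php file, including traversal
// sequences or a file staged under FORMS_DIR, is executed by the interpreter.
function includeFormUnsafe(array $post): void
{
    $type = $post['type'] ?? '';
    include FORMS_DIR . '/' . $type . '.inc.php';
}

// Hardened pattern: the parameter is only ever used as a key into a fixed
// allowlist of handlers that ship with the application. Handler names below
// are assumed for the example.
const FORM_HANDLERS = [
    'alert-rule'  => 'alert-rule.inc.php',
    'device-edit' => 'device-edit.inc.php',
];

// Returns the absolute path of an allowlisted handler, or null if the request
// names anything else or the resolved file lies outside FORMS_DIR.
function resolveFormHandler(string $type): ?string
{
    if (!array_key_exists($type, FORM_HANDLERS)) {
        return null;
    }
    $base = realpath(FORMS_DIR);
    $path = realpath(FORMS_DIR . '/' . FORM_HANDLERS[$type]);
    // Defence in depth: realpath() follows symlinks, so a staged symlink that
    // points outside the forms directory is refused even if its name matched.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

function includeFormSafe(array $post): void
{
    $path = resolveFormHandler((string) ($post['type'] ?? ''));
    if ($path === null) {
        http_response_code(400);
        echo 'Unknown form type';
        return;
    }
    include $path;
}

// Endpoint wiring when served over HTTP; skipped under the CLI so the file can
// be linted or unit-tested without side effects.
if (PHP_SAPI !== 'cli') {
    includeFormSafe($_POST);
}
```

The allowlist is the actual fix: once the parameter can only select among known handlers, the contents of the request no longer reach the include path at all. The realpath() containment check is a second layer that covers the symlink and misconfiguration scenario the mitigation advice mentions, and it is also the check to add to a review of any other dynamic include in the code base.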