CVE-2025-54138
unknown
CVSS v3
—
CVSS v2
—
VIR risk
—
Description
LibreNMS has Authenticated Remote File Inclusion in ajax_form.php that Allows RCE
Predictions
Exploit likelihood
30%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Packagist | librenms/librenms | <25.7.0 | 25.7.0 |
References
- https://github.com/librenms/librenms/security/advisories/GHSA-gq96-8w38-hhj2
- https://nvd.nist.gov/vuln/detail/CVE-2025-54138
- https://github.com/librenms/librenms/pull/17990
- https://github.com/librenms/librenms/commit/ec89714d929ef0cf2321957ed9198b0f18396c81
- https://github.com/librenms/librenms
- https://github.com/librenms/librenms/releases/tag/25.7.0
Verify integrity in audit chain (admin only). AS-IS.