SCA: security update for librenms/librenms (GHSA-gq96-8w38-hhj2)

high Tenable Self-Hosted Container Security Plugin ID 428604

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide
range of network hardware and operating systems. LibreNMS versions 25.6.0 and below contain an
architectural vulnerability in the ajax_form.php endpoint that permits Remote File Inclusion based on
user-controlled POST input. The application directly uses the type parameter to dynamically include
.inc.php files from the trusted path includes/html/forms/, without validation or allowlisting. This
pattern introduces a latent Remote Code Execution (RCE) vector if an attacker can stage a file in this
include path — for example, via symlink, development misconfiguration, or chained vulnerabilities. This is
fixed in version 25.7.0. (CVE-2025-54138)

See Also

https://github.com/advisories/GHSA-gq96-8w38-hhj2

Plugin Details

Severity: High

ID: 428604

Version: Revision 1.11

Type: Local

Family: SCA Checks

Published: 7/22/2025

Updated: 7/2/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.58

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: High

Base Score: 7.1

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2025-54138

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/21/2025

Vulnerability Publication Date: 7/21/2025

Reference Information

CVE: CVE-2025-54138

cwe: CWE-98