CVE-2025-54138 | LibreNMS up to 25.6.x ajax_form.php Type filename control (GHSA-gq96-8w38-hhj2)

A vulnerability was found in LibreNMS up to 25.6.x. It has been declared as problematic. This vulnerability affects unknown code of the file ajax_form.php. The manipulation of the argument Type leads to improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability was named CVE-2025-54138. The attack can be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More