CVE-2025-55300 Information
Aug 19, 2025
cve
Description
Komari is a lightweight self-hosted server monitoring tool designed to provide a simple and efficient solution for monitoring server performance. Prior to 1.0.4-fix1 WebSocket upgrader has disabled origin checking enabling Cross-Site WebSocket Hijacking (CSWSH) attacks against authenticated users. Any third party website can send requests to the terminal websocket endpoint with browser’s cookies resulting in remote code execution. This vulnerability is fixed in 1.0.4-fix1.
Reference
https://github.com/komari-monitor/komari/commit/d31d12e59febce100ab0285b93338f09aa5d6cb1 https://github.com/komari-monitor/komari/security/advisories/GHSA-q355-h244-969h
Related CNNVD
CNNVD-202508-2041 (Published: 2025-08-18)
Share on: