CVE-2025-55300

Description

Komari vulnerable to Cross-site WebSocket Hijacking in github.com/komari-monitor/komari

How to fix CVE-2025-55300

To remediate CVE-2025-55300, upgrade the affected package to a fixed version below.

• Go/github.com/komari-monitor/komari—upgrade to 0.0.0-20250809073044-53171affcaf0 or later
• Go/github.com/komari-monitor/komari—upgrade to 0.0.0-20250809073044-53171affcaf0 or later

Is CVE-2025-55300 being exploited?

Low — EPSS is 0.8%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

• from 0, < 0.0.0-20250809073044-53171affcaf0
• from 0, < 0.0.0-20250809073044-53171affcaf0

CVSS scores

References (5)

• PATCHgithub.com/komari-monitor/komari
• WEBgithub.com/komari-monitor/komari/blob/bd5a6934e1b79a12cf1e6a9bba5372d0e04f3abc/api/terminal.go#L33-L35
• WEBgithub.com/komari-monitor/komari/commit/53171affcaf050145810efaaef420651a6e630be
• WEBgithub.com/komari-monitor/komari/releases/tag/1.0.4-fix2