CVE-2025-55300 – Komari WebSocket Origin Bypass Remote Code Execution Vulnerability

August 18, 2025

CVE ID : CVE-2025-55300

Published : Aug. 18, 2025, 6:15 p.m. | 7 hours, 47 minutes ago

Description : Komari is a lightweight, self-hosted server monitoring tool designed to provide a simple and efficient solution for monitoring server performance. Prior to 1.0.4-fix1, WebSocket upgrader has disabled origin checking, enabling Cross-Site WebSocket Hijacking (CSWSH) attacks against authenticated users. Any third party website can send requests to the terminal websocket endpoint with browser’s cookies, resulting in remote code execution. This vulnerability is fixed in 1.0.4-fix1.

Severity: 8.6 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-55299 – VaulTLS Empty Password Authentication Bypass

Next Article CVE-2025-7693 – “Vulnerability in CIP Controller Malformed Packet Handling”

10 Ways Node.js Development Boosts AI & Real-Time Data (2025-2026 Edition)

Looking to Outsource React.js Development? Here’s What Top Agencies Are Doing Right

Beyond The Hype: What AI Can Really Do For Product Design

BrowserStack launches Chrome extension that bundles 10+ manual web testing tools

How much RAM does your Linux PC really need in 2025?

Have solar at home? Supercharge that investment with this other crucial component

I replaced my MacBook charger with this compact wall unit – and wish I’d done it sooner

5 reasons to switch to an immutable Linux distro today – and which to try first

Sentry Adds Logs Support for Laravel Apps

Sentry Adds Logs Support for Laravel Apps

Efficient Context Management with Laravel’s Remember Functions

Laravel Devtoolbox: Your Swiss Army Knife Artisan CLI

From plateau predictions to buggy rollouts — Bill Gates’ GPT-5 skepticism looks strangely accurate

From plateau predictions to buggy rollouts — Bill Gates’ GPT-5 skepticism looks strangely accurate

We gave OpenAI’s open-source AI a kid’s test — here’s what happened

With GTA 6, next-gen exclusives, and a console comeback on the horizon, Xbox risks sitting on the sidelines — here’s why

CVE-2025-55300 – Komari WebSocket Origin Bypass Remote Code Execution Vulnerability

Workday Staff Fall to Social Engineering; Hackers Access Third-Party CRM Platform

Get Ready for the Black Hat USA 2025 CISO Podcast Series from The Cyber Express and Suraksha Catalyst

Bridewell Uncovers ‘Operation Deceptive Prospect’ Targeting UK Organizations via Feedback Portals

How to Use Google Authenticator

CVE-2025-6401 – TOTOLINK N300RH HTTP POST Message Handler Denial of Service Vulnerability

CVE-2025-47667 – LiveAgent CSRF

CVE-2025-5273 – Mcp-Markdownify-Server File Access Vulnerability

NodeSource N|Solid Runtime Release – May 2025: Performance, Stability & the Final Update for v18

Digitale videorecorders TBK aangevallen door Mirai-botnet

CVE-2011-10009 – Apache S40 CMS Path Traversal Vulnerability

CVE-2025-55300 – Komari WebSocket Origin Bypass Remote Code Execution Vulnerability

Related Posts