diff --git a/pkgs/by-name/li/librenms/package.nix b/pkgs/by-name/li/librenms/package.nix
index becb2c17bf2e..d5f06af9a804 100644
--- a/pkgs/by-name/li/librenms/package.nix
+++ b/pkgs/by-name/li/librenms/package.nix
@@ -1,6 +1,7 @@
 {
   lib,
   fetchFromGitHub,
+  fetchpatch,
   unixtools,
   php82,
   python3,
@@ -38,6 +39,15 @@ phpPackage.buildComposerProject2 rec {
 
   vendorHash = "sha256-t/3wBSXJJHqbGR1iKF4zC2Ia99gXNlanabR/iPPlHqw=";
 
+  patches = [
+    (fetchpatch {
+      # https://github.com/advisories/GHSA-gq96-8w38-hhj2
+      name = "CVE-2025-54138.patch";
+      url = "https://github.com/librenms/librenms/commit/ec89714d929ef0cf2321957ed9198b0f18396c81.patch";
+      hash = "sha256-UJy0AZXpvowvjSnJy7m4Z5JPoYWjydUg1R+jz/Pl1s0=";
+    })
+  ];
+
   php = phpPackage;
 
   buildInputs = [