librenms/librenms Security Advisories for 25.1.0 (9)
- [MEDIUM] LibreNMS is vulnerable to SQL Injection (Boolean-Based Blind) in hostname parameter in ajax_output.php endpoint
PKSA-7dfn-9svk-zsqn CVE-2025-65093 GHSA-6pmj-xjxp-p8g9
Affected version: <=25.10.0
Reported by: GitHub
- [LOW] LibreNMS has Weak Password Policy
PKSA-5jjt-bqv9-rkt7 CVE-2025-65014 GHSA-5mrf-j8v6-f45g
Affected version: <25.11.0
Reported by: GitHub
- [MEDIUM] LibreNMS vulnerable to Reflected Cross-Site Scripting (XSS) in endpoint `/maps/nodeimage` parameter `Image Name`
PKSA-2rhd-6w4r-2261 CVE-2025-65013 GHSA-j8cq-7f6p-256x
Affected version: <25.11.0
Reported by: GitHub
- [LOW] LibreNMS alert-rules has a Cross-Site Scripting Vulnerability
PKSA-dd4d-7vsb-nysk CVE-2025-62412 GHSA-6g2v-66ch-6xmh
Affected version: <=25.8.0
Reported by: GitHub
- [MEDIUM] LibreNMS has a Stored XSS vulnerability in its Alert Transport name field
PKSA-d4tx-zpjw-46cf CVE-2025-62411 GHSA-frc6-pwgr-c28w
Affected version: <25.10.0
Reported by: GitHub
- [MEDIUM] LibreNMS is vulnerable to Reflected-XSS in `report_this` function
PKSA-hmpp-vqmr-y8ct CVE-2025-62365 GHSA-86rg-8hc8-v82p
Affected version: <=25.6.0
Reported by: GitHub
- [MEDIUM] LibreNMS allows stored XSS in Alert Template name field
PKSA-hnxn-wg5j-bmg6 CVE-2025-55296 GHSA-vxq6-8cwm-wj99
Affected version: <25.8.0
Reported by: GitHub
- [HIGH] LibreNMS has Authenticated Remote File Inclusion in ajax_form.php that Allows RCE
PKSA-q97j-hw3m-d3vd CVE-2025-54138 GHSA-gq96-8w38-hhj2
Affected version: <25.7.0
Reported by: GitHub
- [LOW] LibreNMS stored Cross-site Scripting vulnerability in poller group name
PKSA-zmjd-rkhn-89x6 CVE-2025-47931 GHSA-hxw5-9cc5-cmw5
Affected version: <25.5.0
Reported by: GitHub