CVE-2025-62365

Summary

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to 25.7.0, there is a reflected-XSS in report_this function in librenms/includes/functions.php. The report_this function had improper filtering (htmlentities function was incorrectly use in a href environment), which caused the project_issues parameter to trigger an XSS vulnerability. This vulnerability is fixed in 25.7.0.

Affected Software

VendorProductVersion RangeStatus
librenmslibrenms< 25.7.0affected

Weaknesses

  • CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References