11 matches found
CVE-2025-65014
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a weak password policy vulnerability was identified in the user management functionality of the LibreNMS application. This vulnerability allows administrators to create accounts with extremely...
CVE-2025-65013
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a reflected cross-site scripting (XSS) vulnerability was identified in the LibreNMS application at the /maps/nodeimage endpoint. The Image Name parameter is reflected in the HTTP response without...
Weak Password Requirements
Overview: librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Weak Password Requirements due to insufficient enforcement of password complexity requirements during the user creati...
CVE-2025-65014
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a weak password policy vulnerability was identified in the user management functionality of the LibreNMS application. This vulnerability allows administrators to create accounts with extremely...
CVE-2025-65013
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a reflected cross-site scripting (XSS) vulnerability was identified in the LibreNMS application at the /maps/nodeimage endpoint. The Image Name parameter is reflected in the HTTP response without...
CVE-2025-65093 LibreNMS is vulnerable to SQL Injection (Boolean-Based Blind) in hostname parameter in ajax_output.php endpoint
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a boolean-based blind SQL injection vulnerability was identified in the LibreNMS application at the /ajax_output.php endpoint. The hostname parameter is interpolated directly into an SQL query...
CVE-2025-65093 LibreNMS is vulnerable to SQL Injection (Boolean-Based Blind) in hostname parameter in ajax_output.php endpoint
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a boolean-based blind SQL injection vulnerability was identified in the LibreNMS application at the /ajax_output.php endpoint. The hostname parameter is interpolated directly into an SQL query...
CVE-2025-65093
LibreNMS contains a Boolean-Based Blind SQL Injection in the hostname parameter of the /ajax_output.php endpoint. The hostname is interpolated into an SQL query without proper sanitization or parameter binding, enabling an attacker to infer data from the database via conditional responses. Impact...
CVE-2025-65014 LibreNMS has Weak Password Policy
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a weak password policy vulnerability was identified in the user management functionality of the LibreNMS application. This vulnerability allows administrators to create accounts with extremely...
CVE-2025-65014
LibreNMS before 25.11.0 has a weak password policy in user creation, allowing login with weak passwords (e.g., 12345678) and exposing the system to brute-force/credential-stuffing attacks. The issue is patched in 25.11.0; upgrade to that version or apply the available fix per advisories. No explo...
PT-2025-47404
Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 25.11.0. Description: The user management functionality of LibreNMS fails to enforce a strong password policy, allowing administrators to create accounts with weak and predictable passwords, such as 12345678. This...