Reflected XSS Vulnerability in LibreNMS Network Monitoring System
CVE-2025-62365

5.5 MEDIUM

Key Information:

Vendor: Librenms

Status
Vendor
CVE Published: 13 October 2025

What is CVE-2025-62365?

LibreNMS, an open-source network monitoring system based on PHP, MySQL, and SNMP, is vulnerable to a reflected cross-site scripting (XSS) attack due to improper input validation in the 'report_this' function located in 'librenms/includes/functions.php'. The vulnerability arises because htmlentities is applied incorrectly in an anchor tag context, which allows malicious scripts to be injected through the 'project_issues' parameter. This vulnerability was addressed in version 25.7.0.

Affected Version(s)

librenms < 25.7.0

CVSS V4

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
