CVE-2025-68614 (GCVE-0-2025-68614)

Vulnerability from cvelistv5 – Published: 2025-12-22 23:43 – Updated: 2025-12-22 23:55

Title

LibreNMS Alert Rule API Cross-Site Scripting Vulnerability

Summary

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.12.0, the Alert Rule API is vulnerable to stored cross-site scripting. Alert rules can be created or updated via LibreNMS API. The alert rule name is not properly sanitized, and can be used to inject HTML code. This issue has been patched in version 25.12.0.

Severity ?

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

GitHub_M

References

URL

Tags

	https://github.com/librenms/librenms/security/adv…	x_refsource_CONFIRM
	https://github.com/librenms/librenms/commit/ebe6c…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	librenms	librenms	Affected: < 25.12.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-68614",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-22T23:55:04.294873Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-22T23:55:13.545Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "librenms",
          "vendor": "librenms",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 25.12.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.12.0, the Alert Rule API is vulnerable to stored cross-site scripting. Alert rules can be created or updated via LibreNMS API. The alert rule name is not properly sanitized, and can be used to inject HTML code. This issue has been patched in version 25.12.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-22T23:43:02.947Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/librenms/librenms/security/advisories/GHSA-c89f-8g7g-59wj",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/librenms/librenms/security/advisories/GHSA-c89f-8g7g-59wj"
        },
        {
          "name": "https://github.com/librenms/librenms/commit/ebe6c79bf4ce0afeb575c1285afe3934e44001f1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/librenms/librenms/commit/ebe6c79bf4ce0afeb575c1285afe3934e44001f1"
        }
      ],
      "source": {
        "advisory": "GHSA-c89f-8g7g-59wj",
        "discovery": "UNKNOWN"
      },
      "title": "LibreNMS Alert Rule API Cross-Site Scripting Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-68614",
    "datePublished": "2025-12-22T23:43:02.947Z",
    "dateReserved": "2025-12-19T14:58:47.824Z",
    "dateUpdated": "2025-12-22T23:55:13.545Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-68614\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-12-23T00:15:43.677\",\"lastModified\":\"2025-12-23T14:51:52.650\",\"vulnStatus\":\"Undergoing Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.12.0, the Alert Rule API is vulnerable to stored cross-site scripting. Alert rules can be created or updated via LibreNMS API. The alert rule name is not properly sanitized, and can be used to inject HTML code. This issue has been patched in version 25.12.0.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":0.9,\"impactScore\":3.4}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"references\":[{\"url\":\"https://github.com/librenms/librenms/commit/ebe6c79bf4ce0afeb575c1285afe3934e44001f1\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/librenms/librenms/security/advisories/GHSA-c89f-8g7g-59wj\",\"source\":\"security-advisories@github.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-68614\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-12-22T23:55:04.294873Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-12-22T23:55:10.409Z\"}}], \"cna\": {\"title\": \"LibreNMS Alert Rule API Cross-Site Scripting Vulnerability\", \"source\": {\"advisory\": \"GHSA-c89f-8g7g-59wj\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"librenms\", \"product\": \"librenms\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 25.12.0\"}]}], \"references\": [{\"url\": \"https://github.com/librenms/librenms/security/advisories/GHSA-c89f-8g7g-59wj\", \"name\": \"https://github.com/librenms/librenms/security/advisories/GHSA-c89f-8g7g-59wj\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/librenms/librenms/commit/ebe6c79bf4ce0afeb575c1285afe3934e44001f1\", \"name\": \"https://github.com/librenms/librenms/commit/ebe6c79bf4ce0afeb575c1285afe3934e44001f1\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.12.0, the Alert Rule API is vulnerable to stored cross-site scripting. Alert rules can be created or updated via LibreNMS API. The alert rule name is not properly sanitized, and can be used to inject HTML code. This issue has been patched in version 25.12.0.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-12-22T23:43:02.947Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-68614\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-22T23:55:13.545Z\", \"dateReserved\": \"2025-12-19T14:58:47.824Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-12-22T23:43:02.947Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

FKIE_CVE-2025-68614

Vulnerability from fkie_nvd - Published: 2025-12-23 00:15 - Updated: 2025-12-23 14:51

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/librenms/librenms/commit/ebe6c79bf4ce0afeb575c1285afe3934e44001f1
	security-advisories@github.com	https://github.com/librenms/librenms/security/advisories/GHSA-c89f-8g7g-59wj

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.12.0, the Alert Rule API is vulnerable to stored cross-site scripting. Alert rules can be created or updated via LibreNMS API. The alert rule name is not properly sanitized, and can be used to inject HTML code. This issue has been patched in version 25.12.0."
    }
  ],
  "id": "CVE-2025-68614",
  "lastModified": "2025-12-23T14:51:52.650",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 3.4,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-12-23T00:15:43.677",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/librenms/librenms/commit/ebe6c79bf4ce0afeb575c1285afe3934e44001f1"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/librenms/librenms/security/advisories/GHSA-c89f-8g7g-59wj"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Undergoing Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

GHSA-C89F-8G7G-59WJ

Vulnerability from github – Published: 2025-12-23 18:19 – Updated: 2025-12-23 18:19

Summary

LibreNMS Alert Rule API Cross-Site Scripting Vulnerability

Details

Please find POC file here https://trendmicro-my.sharepoint.com/:u:/p/kholoud_altookhy/IQCfcnOE5ykQSb6Fm-HFI872AZ_zeIJxU-3aDk0jh_eX_NE?e=zkN76d

ZDI-CAN-28575: LibreNMS Alert Rule API Cross-Site Scripting Vulnerability

-- CVSS -----------------------------------------

4.3: AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

-- ABSTRACT -------------------------------------

Trend Micro's Zero Day Initiative has identified a vulnerability affecting the following products: LibreNMS - LibreNMS

-- VULNERABILITY DETAILS ------------------------ * Version tested: 25.10.0 * Installer file: NA * Platform tested: NA

Analysis

LibreNMS Alert Rule API Stored Cross-Site Scripting

Overview

Alert rules can be created or updated via LibreNMS API. The alert rule name is not properly sanitized, and can be used to inject HTML code.

Affected versions

The latest version at the time of writing (25.10.0) is vulnerable.

Root cause

When an alert rule is created or updated via the API, function add_edit_rule() in includes/html/api_functions.inc.php is called to add/update the entry in the database. When an alert rule is created via the web interface, HTML tags are stripped from the rule name, however this is not the case when using the API.

As such, it is possible to create an alert rule where the name is:

<script>alert(1)</script>

Later, when a victim browses to the Alerts > Alert Rule page, PHP script\xc2\xa0includes/html/print-alert/rules.php\xc2\xa0is called. It notably includes the file\xc2\xa0includes/html/modal/alert_rule_list.inc.php, which returns HTML code for a modal window that searches alert rules.

The modal window includes an HTML table with all rules, including their name, and an inline JavaScript that calls the\xc2\xa0bootgrid()\xc2\xa0function (http://www.jquery-bootgrid.com/) for styling and enhancing the table.

alert_rule.list.inc.php sanitizes the rule name with the function e() before including it in the table, which XML encodes all special characters. However the\xc2\xa0bootgrid()\xc2\xa0function rewrites the table cells content when enhancing the table, and as a side effect, XML character references are decoded. After the script updated the table, the browser now interprets the payload as HTML tags and includes the code to the DOM.

Detection guidance

inspect HTTP POST and PUT requests to a Request-URI that includes the string\xc2\xa0/api/v0/rules
check if the\xc2\xa0name\xc2\xa0JSON value includes a < character

PoC

The proof-of-concept can be run as such:

python3 poc.py ip_addr -T <token>

-- CREDIT --------------------------------------- This vulnerability was discovered by: Simon Humbert of Trend Research of Trend Micro

-- FURTHER DETAILS ------------------------------

Supporting files:

If supporting files were contained with this report they are provided within a password protected ZIP file. The password is the ZDI candidate number in the form: ZDI-CAN-XXXX where XXXX is the ID number.

Please confirm receipt of this report. We expect all vendors to remediate ZDI vulnerabilities within 120 days of the reported date. If you are ready to release a patch at any point leading up to the deadline, please coordinate with us so that we may release our advisory detailing the issue. If the 120-day deadline is reached and no patch has been made available we will release a limited public advisory with our own mitigations, so that the public can protect themselves in the absence of a patch. Please keep us updated regarding the status of this issue and feel free to contact us at any time:

Zero Day Initiative zdi-disclosures@trendmicro.com

The PGP key used for all ZDI vendor communications is available from:

http://www.zerodayinitiative.com/documents/disclosures-pgp-key.asc

-- INFORMATION ABOUT THE ZDI -------------------- Established by TippingPoint and acquired by Trend Micro, the Zero Day Initiative (ZDI) neither re-sells vulnerability details nor exploit code. Instead, upon notifying the affected product vendor, the ZDI provides its Trend Micro TippingPoint customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available.

Please contact us for further details or refer to:

http://www.zerodayinitiative.com

-- DISCLOSURE POLICY ----------------------------

Our vulnerability disclosure policy is available online at:

http://www.zerodayinitiative.com/advisories/disclosure_policy/

Severity ?

4.3 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "librenms/librenms"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "25.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-68614"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-12-23T18:19:16Z",
    "nvd_published_at": "2025-12-23T00:15:43Z",
    "severity": "MODERATE"
  },
  "details": "Please find POC file here https://trendmicro-my.sharepoint.com/:u:/p/kholoud_altookhy/IQCfcnOE5ykQSb6Fm-HFI872AZ_zeIJxU-3aDk0jh_eX_NE?e=zkN76d\n\nZDI-CAN-28575: LibreNMS Alert Rule API Cross-Site Scripting Vulnerability\n\n-- CVSS -----------------------------------------\n\n4.3: AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L\n\n-- ABSTRACT -------------------------------------\n\nTrend Micro\u0027s Zero Day Initiative has identified a vulnerability affecting the following products:\nLibreNMS - LibreNMS\n\n-- VULNERABILITY DETAILS ------------------------\n* Version tested:  25.10.0\n* Installer file:  NA\n* Platform tested: NA\n\n---\n\n### Analysis\n\nLibreNMS Alert Rule API Stored Cross-Site Scripting\n\n# Overview\nAlert rules can be created or updated via LibreNMS API. The alert rule name is not properly sanitized, and can be used to inject HTML code.\n\n# Affected versions\nThe latest version at the time of writing (25.10.0) is vulnerable.\n\n# Root cause\nWhen an alert rule is created or updated via the API, function `add_edit_rule()` in `includes/html/api_functions.inc.php` is called to add/update the entry in the database. When an alert rule is created via the web interface, HTML tags are stripped from the rule name, however this is not the case when using the API.\n\nAs such, it is possible to create an alert rule where the name is:\n```\n\u003cscript\u003ealert(1)\u003c/script\u003e\n```\n\nLater, when a victim browses to the Alerts \u003e Alert Rule page, PHP script\\xc2\\xa0`includes/html/print-alert/rules.php`\\xc2\\xa0is called. It notably includes the file\\xc2\\xa0`includes/html/modal/alert_rule_list.inc.php`, which returns HTML code for a modal window that searches alert rules.\n\nThe modal window includes an HTML table with all rules, including their name, and an inline JavaScript that calls the\\xc2\\xa0`bootgrid()`\\xc2\\xa0function ([http://www.jquery-bootgrid.com/](http://www.jquery-bootgrid.com/)) for styling and enhancing the table.\n\n`alert_rule.list.inc.php` sanitizes the rule name with the function `e()` before including it in the table, which XML encodes all special characters. However the\\xc2\\xa0`bootgrid()`\\xc2\\xa0function rewrites the table cells content when enhancing the table, and as a side effect, XML character references are decoded. After the script updated the table, the browser now interprets the payload as HTML tags and includes the code to the DOM.\n\n# Detection guidance\n- inspect HTTP POST and PUT requests to a Request-URI that includes the string\\xc2\\xa0`/api/v0/rules`\n- check if the\\xc2\\xa0`name`\\xc2\\xa0JSON value includes a `\u003c` character\n\n# PoC\nThe proof-of-concept can be run as such:\n```\npython3 poc.py ip_addr -T \u003ctoken\u003e\n```\n\n\n-- CREDIT ---------------------------------------\nThis vulnerability was discovered by:\nSimon Humbert of Trend Research of Trend Micro\n\n-- FURTHER DETAILS ------------------------------\n\nSupporting files:\n\n\nIf supporting files were contained with this report they are provided within a password protected ZIP file. The password is the ZDI candidate number in the form: ZDI-CAN-XXXX where XXXX is the ID number.\n\nPlease confirm receipt of this report. We expect all vendors to remediate ZDI vulnerabilities within 120 days of the reported date. If you are ready to release a patch at any point leading up to the deadline, please coordinate with us so that we may release our advisory detailing the issue. If the 120-day deadline is reached and no patch has been made available we will release a limited public advisory with our own mitigations, so that the public can protect themselves in the absence of a patch. Please keep us updated regarding the status of this issue and feel free to contact us at any time:\n\nZero Day Initiative\nzdi-disclosures@trendmicro.com\n\nThe PGP key used for all ZDI vendor communications is available from:\n\n  http://www.zerodayinitiative.com/documents/disclosures-pgp-key.asc\n\n-- INFORMATION ABOUT THE ZDI --------------------\nEstablished by TippingPoint and acquired by Trend Micro, the Zero Day Initiative (ZDI) neither re-sells vulnerability details nor exploit code. Instead, upon notifying the affected product vendor, the ZDI provides its Trend Micro TippingPoint customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available.\n\nPlease contact us for further details or refer to:\n\n  http://www.zerodayinitiative.com\n\n-- DISCLOSURE POLICY ----------------------------\n\nOur vulnerability disclosure policy is available online at:\n\n  http://www.zerodayinitiative.com/advisories/disclosure_policy/",
  "id": "GHSA-c89f-8g7g-59wj",
  "modified": "2025-12-23T18:19:16Z",
  "published": "2025-12-23T18:19:16Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/librenms/librenms/security/advisories/GHSA-c89f-8g7g-59wj"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68614"
    },
    {
      "type": "WEB",
      "url": "https://github.com/librenms/librenms/commit/ebe6c79bf4ce0afeb575c1285afe3934e44001f1"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/librenms/librenms"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "LibreNMS Alert Rule API Cross-Site Scripting Vulnerability"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-68614 (GCVE-0-2025-68614)

FKIE_CVE-2025-68614

GHSA-C89F-8G7G-59WJ

Analysis

Overview

Affected versions

Root cause

Detection guidance

PoC

Tags

Sightings

Nomenclature