cvelistv5 - cve-2025-62412

CVE-2025-62412 (GCVE-0-2025-62412)

Vulnerability from cvelistv5 – Published: 2025-10-16 17:54 – Updated: 2025-10-16 19:21

Summary

LibreNMS is a community-based GPL-licensed network monitoring system. The alert rule name in the Alerts > Alert Rules page is not properly sanitized, and can be used to inject HTML code. This vulnerability is fixed in 25.10.0.

Severity ?

3.8 (Low)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

GitHub_M

References

URL

Tags

	https://github.com/librenms/librenms/security/adv…	x_refsource_CONFIRM
	https://github.com/librenms/librenms/commit/dccdf…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	librenms	librenms	Affected: < 25.10.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-62412",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-16T18:25:48.701440Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-16T19:21:43.259Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/librenms/librenms/security/advisories/GHSA-6g2v-66ch-6xmh"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "librenms",
          "vendor": "librenms",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 25.10.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "LibreNMS  is a community-based GPL-licensed network monitoring system. The alert rule name in the Alerts \u003e Alert Rules page is not properly sanitized, and can be used to inject HTML code. This vulnerability is fixed in 25.10.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-16T17:54:09.256Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/librenms/librenms/security/advisories/GHSA-6g2v-66ch-6xmh",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/librenms/librenms/security/advisories/GHSA-6g2v-66ch-6xmh"
        },
        {
          "name": "https://github.com/librenms/librenms/commit/dccdf6769976a974d70f06a7ce8d5a846b29db6f",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/librenms/librenms/commit/dccdf6769976a974d70f06a7ce8d5a846b29db6f"
        }
      ],
      "source": {
        "advisory": "GHSA-6g2v-66ch-6xmh",
        "discovery": "UNKNOWN"
      },
      "title": "LibreNMS alert-rules Cross-Site Scripting Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-62412",
    "datePublished": "2025-10-16T17:54:09.256Z",
    "dateReserved": "2025-10-13T16:26:12.179Z",
    "dateUpdated": "2025-10-16T19:21:43.259Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-62412\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-10-16T18:15:39.920\",\"lastModified\":\"2025-10-23T12:31:34.033\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"LibreNMS  is a community-based GPL-licensed network monitoring system. The alert rule name in the Alerts \u003e Alert Rules page is not properly sanitized, and can be used to inject HTML code. This vulnerability is fixed in 25.10.0.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":3.8,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.2,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.7,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"25.8.0\",\"versionEndExcluding\":\"25.10.0\",\"matchCriteriaId\":\"B0807962-971F-4B6B-BC01-20A7DE1B30AC\"}]}]}],\"references\":[{\"url\":\"https://github.com/librenms/librenms/commit/dccdf6769976a974d70f06a7ce8d5a846b29db6f\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/librenms/librenms/security/advisories/GHSA-6g2v-66ch-6xmh\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/librenms/librenms/security/advisories/GHSA-6g2v-66ch-6xmh\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-62412\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-16T18:25:48.701440Z\"}}}], \"references\": [{\"url\": \"https://github.com/librenms/librenms/security/advisories/GHSA-6g2v-66ch-6xmh\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-16T18:25:53.790Z\"}}], \"cna\": {\"title\": \"LibreNMS alert-rules Cross-Site Scripting Vulnerability\", \"source\": {\"advisory\": \"GHSA-6g2v-66ch-6xmh\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 3.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"librenms\", \"product\": \"librenms\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 25.10.0\"}]}], \"references\": [{\"url\": \"https://github.com/librenms/librenms/security/advisories/GHSA-6g2v-66ch-6xmh\", \"name\": \"https://github.com/librenms/librenms/security/advisories/GHSA-6g2v-66ch-6xmh\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/librenms/librenms/commit/dccdf6769976a974d70f06a7ce8d5a846b29db6f\", \"name\": \"https://github.com/librenms/librenms/commit/dccdf6769976a974d70f06a7ce8d5a846b29db6f\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"LibreNMS  is a community-based GPL-licensed network monitoring system. The alert rule name in the Alerts \u003e Alert Rules page is not properly sanitized, and can be used to inject HTML code. This vulnerability is fixed in 25.10.0.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-10-16T17:54:09.256Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-62412\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-16T19:21:43.259Z\", \"dateReserved\": \"2025-10-13T16:26:12.179Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-10-16T17:54:09.256Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-6G2V-66CH-6XMH

Vulnerability from github – Published: 2025-10-16 20:18 – Updated: 2025-10-16 20:18

Summary

LibreNMS alert-rules has a Cross-Site Scripting Vulnerability

Details

Executive Summary

Product: LibreNMS
Vendor: LibreNMS
Vulnerability Type: Cross-Site Scripting (XSS)
CVSS Score: 4.3 (AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L)
Affected Version: 25.8.0 (latest at time of discovery)
POC File: Download POC Ticket: ZDI-CAN-28105: LibreNMS Alert Rules Cross-Site Scripting Vulnerability

Vulnerability Details

Description

Trend Micro's Zero Day Initiative has identified a Cross-Site Scripting vulnerability in LibreNMS. The vulnerability exists in the Alert Rules functionality where the alert rule name is not properly sanitized, allowing injection of HTML code.

Technical Details

Version Tested: 25.8.0
Installer File: 25.8.0.tar.gz
Download Link: https://github.com/librenms/librenms/archive/refs/tags/25.8.0.tar.gz
Platform: N/A

Attack Vector

When browsing to Alerts > Alert Rules page, a LibreNMS admin can add and manage alert rules. The alert rule name field is vulnerable to XSS attacks through improper sanitization.

Root Cause Analysis

Vulnerable Request

When creating or updating an alert rule, the following HTTP POST request is sent to /ajax_form.php:

``` POST /ajax_form.php HTTP/1.1 ...

_token=9YjTntCuMIe2ujpumwqJQoENRXUhJzlDt33Xu7kx&device_id=-1&device_name=&rule_id=&type=alert-rules&template_id=&builder_json=%7B%22condition%22%3A%22AND%22%2C%22rules%22%3A%5B%7B%22id%22%3A%22access_points.accesspoint_id%22%2C%22field%22%3A%22access_points.accesspoint_id%22%2C%22type%22%3A%22string%22%2C%22input%22%3A%22text%22%2C%22operator%22%3A%22equal%22%2C%22value%22%3A%2242%22%7D%5D%2C%22valid%22%3Atrue%7D&name=%3Ci%3Efoo%3C%2Fi%3E&builder_rule_0_filter=access_points.accesspoint_id&builder_rule_0_operator=equal&builder_rule_0_value_0=42&severity=warning&count=1&delay=1m&interval=5m&recovery=on&acknowledgement=on&proc=&notes=&adv_query=


### Code Flow

1. **Request Processing:** PHP script `includes/html/forms/alert-rules.inc.php` processes the request
2. **Sanitization Attempt:** Calls `strip_tags()` to sanitize the `name` parameter
3. **Database Operation:** Calls `dbUpdate()` or `dbInsert()` to save the rule

### Bypass Technique
The sanitization can be bypassed using XML character references:

```html
&lt;script>alert(1)&lt;/script>

Execution Path

Page Load: Victim browses to Alerts > Alert Rules page
Script Execution: includes/html/print-alert/rules.php is called
Modal Inclusion: Includes includes/html/modal/alert_rule_list.inc.php which returns HTML for modal window
Table Rendering: Modal contains HTML table with all rules and inline JavaScript calling bootgrid() function
XSS Trigger: The bootgrid() function (http://www.jquery-bootgrid.com/) rewrites table cells, decoding XML character references
Code Execution: Browser interprets the decoded payload as HTML tags and executes the injected script

Proof of Concept

Usage

python3 poc.py client ip_addr -U <username> -P <password>

Optional Parameters

-E [kvp|multipart] - Specify HTTP request parameter encoding

Credit

Discovered by: Simon Humbert of Trend Research, Trend Micro

About Zero Day Initiative (ZDI)

Established by TippingPoint and acquired by Trend Micro, the Zero Day Initiative (ZDI) neither re-sells vulnerability details nor exploit code. Instead, upon notifying the affected product vendor, the ZDI provides its Trend Micro TippingPoint customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available.

References

ZDI Website: http://www.zerodayinitiative.com
Disclosure Policy: http://www.zerodayinitiative.com/advisories/disclosure_policy/

Severity ?

3.8 (Low)


                  
                    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 25.8.0"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "librenms/librenms"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "25.10.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-62412"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-10-16T20:18:32Z",
    "nvd_published_at": "2025-10-16T18:15:39Z",
    "severity": "LOW"
  },
  "details": "## Executive Summary\n\n**Product:** LibreNMS  \n**Vendor:** LibreNMS  \n**Vulnerability Type:** Cross-Site Scripting (XSS)  \n**CVSS Score:** 4.3 (AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L)  \n**Affected Version:** 25.8.0 (latest at time of discovery)  \n**POC File:** [Download POC](https://trendmicro-my.sharepoint.com/:u:/p/kholoud_altookhy/EQYQOiGddUtOtz6739YUFU4B5FkNob_TvKBYEA8P6lSRQw?e=lDOR5W)\n**Ticket:** ZDI-CAN-28105: LibreNMS Alert Rules Cross-Site Scripting Vulnerability\n\n## Vulnerability Details\n\n### Description\nTrend Micro\u0027s Zero Day Initiative has identified a Cross-Site Scripting vulnerability in LibreNMS. The vulnerability exists in the Alert Rules functionality where the alert rule name is not properly sanitized, allowing injection of HTML code.\n\n### Technical Details\n\n**Version Tested:** 25.8.0  \n**Installer File:** 25.8.0.tar.gz  \n**Download Link:** https://github.com/librenms/librenms/archive/refs/tags/25.8.0.tar.gz  \n**Platform:** N/A\n\n### Attack Vector\nWhen browsing to **Alerts \u003e Alert Rules** page, a LibreNMS admin can add and manage alert rules. The alert rule name field is vulnerable to XSS attacks through improper sanitization.\n\n## Root Cause Analysis\n\n### Vulnerable Request\nWhen creating or updating an alert rule, the following HTTP POST request is sent to `/ajax_form.php`:\n\n ```\nPOST /ajax_form.php HTTP/1.1\n...\n\n_token=9YjTntCuMIe2ujpumwqJQoENRXUhJzlDt33Xu7kx\u0026device_id=-1\u0026device_name=\u0026rule_id=\u0026type=alert-rules\u0026template_id=\u0026builder_json=%7B%22condition%22%3A%22AND%22%2C%22rules%22%3A%5B%7B%22id%22%3A%22access_points.accesspoint_id%22%2C%22field%22%3A%22access_points.accesspoint_id%22%2C%22type%22%3A%22string%22%2C%22input%22%3A%22text%22%2C%22operator%22%3A%22equal%22%2C%22value%22%3A%2242%22%7D%5D%2C%22valid%22%3Atrue%7D\u0026name=%3Ci%3Efoo%3C%2Fi%3E\u0026builder_rule_0_filter=access_points.accesspoint_id\u0026builder_rule_0_operator=equal\u0026builder_rule_0_value_0=42\u0026severity=warning\u0026count=1\u0026delay=1m\u0026interval=5m\u0026recovery=on\u0026acknowledgement=on\u0026proc=\u0026notes=\u0026adv_query=\n```\n\n### Code Flow\n\n1. **Request Processing:** PHP script `includes/html/forms/alert-rules.inc.php` processes the request\n2. **Sanitization Attempt:** Calls `strip_tags()` to sanitize the `name` parameter\n3. **Database Operation:** Calls `dbUpdate()` or `dbInsert()` to save the rule\n\n### Bypass Technique\nThe sanitization can be bypassed using XML character references:\n\n```html\n\u0026lt;script\u003ealert(1)\u0026lt;/script\u003e\n```\n\n### Execution Path\n\n1. **Page Load:** Victim browses to Alerts \u003e Alert Rules page\n2. **Script Execution:** `includes/html/print-alert/rules.php` is called\n3. **Modal Inclusion:** Includes `includes/html/modal/alert_rule_list.inc.php` which returns HTML for modal window\n4. **Table Rendering:** Modal contains HTML table with all rules and inline JavaScript calling `bootgrid()` function\n5. **XSS Trigger:** The `bootgrid()` function (http://www.jquery-bootgrid.com/) rewrites table cells, decoding XML character references\n6. **Code Execution:** Browser interprets the decoded payload as HTML tags and executes the injected script\n\n## Proof of Concept\n\n### Usage\n```bash\npython3 poc.py client ip_addr -U \u003cusername\u003e -P \u003cpassword\u003e\n```\n\n### Optional Parameters\n- `-E [kvp|multipart]` - Specify HTTP request parameter encoding\n\n## Credit\n\n**Discovered by:** Simon Humbert of Trend Research, Trend Micro\n\n## About Zero Day Initiative (ZDI)\n\nEstablished by TippingPoint and acquired by Trend Micro, the Zero Day Initiative (ZDI) neither re-sells vulnerability details nor exploit code. Instead, upon notifying the affected product vendor, the ZDI provides its Trend Micro TippingPoint customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available.\n\n## References\n\n- **ZDI Website:** http://www.zerodayinitiative.com\n- **Disclosure Policy:** http://www.zerodayinitiative.com/advisories/disclosure_policy/",
  "id": "GHSA-6g2v-66ch-6xmh",
  "modified": "2025-10-16T20:18:32Z",
  "published": "2025-10-16T20:18:32Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/librenms/librenms/security/advisories/GHSA-6g2v-66ch-6xmh"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62412"
    },
    {
      "type": "WEB",
      "url": "https://github.com/librenms/librenms/commit/dccdf6769976a974d70f06a7ce8d5a846b29db6f"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/librenms/librenms"
    },
    {
      "type": "WEB",
      "url": "https://github.com/librenms/librenms/releases/tag/25.10.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "LibreNMS alert-rules has a Cross-Site Scripting Vulnerability"
}

FKIE_CVE-2025-62412

Vulnerability from fkie_nvd - Published: 2025-10-16 18:15 - Updated: 2025-10-23 12:31

Severity ?

3.8 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/librenms/librenms/commit/dccdf6769976a974d70f06a7ce8d5a846b29db6f	Patch
security-advisories@github.com	https://github.com/librenms/librenms/security/advisories/GHSA-6g2v-66ch-6xmh	Exploit, Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://github.com/librenms/librenms/security/advisories/GHSA-6g2v-66ch-6xmh	Exploit, Vendor Advisory

Impacted products

	Vendor	Product	Version
	librenms	librenms	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0807962-971F-4B6B-BC01-20A7DE1B30AC",
              "versionEndExcluding": "25.10.0",
              "versionStartIncluding": "25.8.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "LibreNMS  is a community-based GPL-licensed network monitoring system. The alert rule name in the Alerts \u003e Alert Rules page is not properly sanitized, and can be used to inject HTML code. This vulnerability is fixed in 25.10.0."
    }
  ],
  "id": "CVE-2025-62412",
  "lastModified": "2025-10-23T12:31:34.033",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.8,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 2.5,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-10-16T18:15:39.920",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/librenms/librenms/commit/dccdf6769976a974d70f06a7ce8d5a846b29db6f"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/librenms/librenms/security/advisories/GHSA-6g2v-66ch-6xmh"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/librenms/librenms/security/advisories/GHSA-6g2v-66ch-6xmh"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-62412 (GCVE-0-2025-62412)

GHSA-6G2V-66CH-6XMH

Executive Summary

Vulnerability Details

Description

Technical Details

Attack Vector

Root Cause Analysis

Vulnerable Request

Execution Path

Proof of Concept

Usage

Optional Parameters

Credit

About Zero Day Initiative (ZDI)

References

FKIE_CVE-2025-62412

Tags

Sightings

Nomenclature