CVE-2025-68614

low-risk

Published 2025-12-23

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.12.0, the Alert Rule API is vulnerable to stored cross-site scripting. Alert rules can be created or updated via LibreNMS API. The alert rule name is not properly sanitized, and can be used to inject HTML code. This issue has been patched in version 25.12.0.

Do I need to act?

0.00% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.3/10 Medium

NETWORK / LOW complexity

Affected Products (1)

Librenms

Affected Vendors

Librenms

References (2)

Patch https://github.com/librenms/librenms/commit/ebe6c79bf4ce0afeb575c1285afe3934e440...

Exploit https://github.com/librenms/librenms/security/advisories/GHSA-c89f-8g7g-59wj

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal