CVE-2025-62411
Last modified
CVE-2025-62411 is a medium-severity vulnerability rated 4.8/10 on the CVSS scale. LibreNMS is a community-based GPL-licensed network monitoring system. LibreNMS <= 25.8.0 contains a Stored Cross-Site Scripting (XSS) vulnerability in the Alert Transports management functionality. EPSS estimates a 11.64% chance of exploitation in the next 30 days.
Description
LibreNMS is a community-based GPL-licensed network monitoring system. LibreNMS <= 25.8.0 contains a Stored Cross-Site Scripting (XSS) vulnerability in the Alert Transports management functionality. When an administrator creates a new Alert Transport, the value of the Transport name field is stored and later rendered in the Transports column of the Alert Rules page without proper input validation or output encoding. This leads to arbitrary JavaScript execution in the admin’s browser. This vulnerability is fixed in 25.10.0.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Librenms | Librenms | < 25.10.0 |
References
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-62411?
How severe is CVE-2025-62411?
How do I fix CVE-2025-62411?
Are you affected by CVE-2025-62411?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST