CVE-2025-65014
Last modified
CVE-2025-65014 is a low-severity vulnerability rated 3.7/10 on the CVSS scale. LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a weak password policy vulnerability was identified in the user management functionality of the LibreNMS application. EPSS estimates a 0.22% chance of exploitation in the next 30 days.
Description
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a weak password policy vulnerability was identified in the user management functionality of the LibreNMS application. This vulnerability allows administrators to create accounts with extremely weak and predictable passwords, such as 12345678. This exposes the platform to brute-force and credential stuffing attacks. This issue has been patched in version 25.11.0.
Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Librenms | Librenms | < 25.11.0 |
References
- https://github.com/librenms/librenms/security/advisories/GHSA-5mrf-j8v6-f45gExploit, Mitigation, Vendor Advisory
- https://github.com/librenms/librenms/security/advisories/GHSA-5mrf-j8v6-f45gExploit, Mitigation, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-65014?
How severe is CVE-2025-65014?
How do I fix CVE-2025-65014?
Are you affected by CVE-2025-65014?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST