CVE-2025-65014

LOW

LibreNMS <25.11.0 - Info Disclosure

Title source: llm

Description

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a weak password policy vulnerability was identified in the user management functionality of the LibreNMS application. This vulnerability allows administrators to create accounts with extremely weak and predictable passwords, such as 12345678. This exposes the platform to brute-force and credential stuffing attacks. This issue has been patched in version 25.11.0.

References (1)

[Exploit, Mitigation, Vendor Advisory] https://github.com/librenms/librenms/security/advisories/GHSA-5mrf-j8v6-f45g

Scores

CVSS v3 3.7

EPSS 0.0000

EPSS Percentile 0.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-521

Status published

Products (2)

librenms/librenms < 25.11.0

librenms/librenms 0 - 25.11.0Packagist

Published Nov 18, 2025

Tracked Since Feb 18, 2026