CVE-2025-62412: LibreNMS alert-rules has a Cross-Site Scripting Vulnerability
Product: LibreNMS Vendor: LibreNMS Vulnerability Type: Cross-Site Scripting (XSS) CVSS Score: 4.3 (AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L) Affected Version: 25.8.0 (latest at time of discovery) POC File: Download POC Ticket: ZDI-CAN-28105: LibreNMS Alert Rules Cross-Site Scripting Vulnerability
References
- github.com/advisories/GHSA-6g2v-66ch-6xmh
- github.com/librenms/librenms
- github.com/librenms/librenms/commit/dccdf6769976a974d70f06a7ce8d5a846b29db6f
- github.com/librenms/librenms/releases/tag/25.10.0
- github.com/librenms/librenms/security/advisories/GHSA-6g2v-66ch-6xmh
- nvd.nist.gov/vuln/detail/CVE-2025-62412
Code Behaviors & Features
Detect and mitigate CVE-2025-62412 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →