CVE-2025-68614: LibreNMS Alert Rule API Cross-Site Scripting Vulnerability

December 23, 2025

Please find POC file here https://trendmicro-my.sharepoint.com/:u:/p/kholoud_altookhy/IQCfcnOE5ykQSb6Fm-HFI872AZ_zeIJxU-3aDk0jh_eX_NE?e=zkN76d

ZDI-CAN-28575: LibreNMS Alert Rule API Cross-Site Scripting Vulnerability

– CVSS —————————————–

4.3: AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

– ABSTRACT ————————————-

Trend Micro’s Zero Day Initiative has identified a vulnerability affecting the following products: LibreNMS - LibreNMS

– VULNERABILITY DETAILS ————————

Version tested: 25.10.0
Installer file: NA
Platform tested: NA

References

github.com/advisories/GHSA-c89f-8g7g-59wj
github.com/librenms/librenms
github.com/librenms/librenms/commit/ebe6c79bf4ce0afeb575c1285afe3934e44001f1
github.com/librenms/librenms/security/advisories/GHSA-c89f-8g7g-59wj
nvd.nist.gov/vuln/detail/CVE-2025-68614

Code Behaviors & Features

Detect and mitigate CVE-2025-68614 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →