CVE-2025-65093

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-65093

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-65093.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-65093

Aliases

GHSA-6pmj-xjxp-p8g9

Published

2025-11-18T23:02:04.572Z

Modified

2025-11-20T13:32:51.140812Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N CVSS Calculator

Summary

LibreNMS is vulnerable to SQL Injection (Boolean-Based Blind) in hostname parameter in ajax_output.php endpoint

Details

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a boolean-based blind SQL injection vulnerability was identified in the LibreNMS application at the /ajax_output.php endpoint. The hostname parameter is interpolated directly into an SQL query without proper sanitization or parameter binding, allowing an attacker to manipulate the query logic and infer data from the database through conditional responses. This issue has been patched in version 25.11.0.

Database specific

{
    "cwe_ids": [
        "CWE-89"
    ]
}

References

https://github.com/librenms/librenms/security/advisories/GHSA-6pmj-xjxp-p8g9

Affected packages

Git / github.com/librenms/librenms

Affected ranges

Type

GIT

Repo

https://github.com/librenms/librenms

Events

Introduced

Fixed

aa2146888bee34ae7b250f14992a2f195ffa0c53

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "25.11.0"
        }
    ]
}

Affected versions

0.*

0.1

1.*

1.19

1.20

1.21

1.25

1.26

1.27

1.28

1.29

1.30

1.30.01

1.31

1.31.01

1.31.02

1.31.03

1.32

1.33

1.35

1.36

1.37

1.38

1.39

1.40

1.41

1.42

1.42.01

1.43

1.44

1.45

1.46

1.47

1.48

1.48.1

1.49

1.50

1.51

1.52

1.53

1.53.1

1.54

1.55

1.56

1.57

1.58

1.58.1

1.59

1.60

1.61

1.62

1.63

1.64

1.64.1

1.65

1.66

1.67

1.68

1.69

1.70.0

1.70.1

Other

201505

201506

201507

201508

201509

201510

201511

201512

201601

201602

201603

201604

201605

201606

201607

201608

20160828

201609

21.*

21.1.0

21.10.0

21.11.0

21.12.0

21.12.1

21.2.0

21.3.0

21.4.0

21.5.0

21.5.1

21.6.0

21.7.0

21.8.0

21.9.0

22.*

22.1.0

22.10.0

22.11.0

22.12.0

22.2.0

22.2.1

22.3.0

22.4.0

22.5.0

22.6.0

22.7.0

22.8.0

22.9.0

23.*

23.1.0

23.10.0

23.11.0

23.2.0

23.4.0

23.4.1

23.5.0

23.6.0

23.7.0

23.8.0

23.8.1

23.8.2

23.9.0

23.9.1

24.*

24.1.0

24.10.0

24.10.1

24.11.0

24.12.0

24.2.0

24.3.0

24.4.0

24.4.1

24.5.0

24.6.0

24.7.0

24.8.0

24.9.0

24.9.1

25.*

25.1.0

25.10.0

25.2.0

25.3.0

25.4.0

25.5.0

25.6.0

25.7.0

25.8.0

25.9.0