CVE-2025-68614

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-68614

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68614.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-68614

Aliases

GHSA-c89f-8g7g-59wj

Published

2025-12-22T23:43:02.947Z

Modified

2026-04-02T13:04:01.510089Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L CVSS Calculator

Summary

LibreNMS Alert Rule API Cross-Site Scripting Vulnerability

Details

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.12.0, the Alert Rule API is vulnerable to stored cross-site scripting. Alert rules can be created or updated via LibreNMS API. The alert rule name is not properly sanitized, and can be used to inject HTML code. This issue has been patched in version 25.12.0.

Database specific

{
    "cwe_ids": [
        "CWE-79"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68614.json",
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/librenms/librenms

Affected ranges

Type: GIT
Repo: https://github.com/librenms/librenms
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

dc27eaef9f8079c7f64b84d1488d956b2aac75ad

Affected versions

0.*

0.1

1.*

1.19

1.20

1.20.1

1.21

1.22

1.22.01

1.23

1.24

1.25

1.26

1.27

1.28

1.29

1.30

1.30.01

1.31

1.31.01

1.31.02

1.31.03

1.32

1.32.01

1.33

1.33.01

1.34

1.35

1.36

1.36.01

1.37

1.38

1.38-full

1.39

1.40

1.41

1.42

1.42.01

1.43

1.44

1.45

1.46

1.47

1.48

1.48.1

1.49

1.50

1.50.1

1.51

1.52

1.53

1.53.1

1.54

1.55

1.56

1.57

1.58

1.58.1

1.59

1.60

1.61

1.62

1.62.1

1.62.2

1.63

1.64

1.64.1

1.65

1.65.1

1.66

1.67

1.68

1.69

1.70.0

1.70.1

Other

201505

201506

201507

201508

201509

201510

201511

201512

201601

201602

201603

201604

201605

201606

201607

201608

20160828

201609

21.*

21.1.0

21.10.0

21.10.1

21.10.2

21.11.0

21.12.0

21.12.1

21.2.0

21.3.0

21.4.0

21.5.0

21.5.1

21.6.0

21.7.0

21.8.0

21.9.0

21.9.1

22.*

22.1.0

22.10.0

22.11.0

22.12.0

22.2.0

22.2.1

22.2.2

22.3.0

22.4.0

22.4.1

22.5.0

22.6.0

22.7.0

22.8.0

22.9.0

23.*

23.1.0

23.1.1

23.10.0

23.11.0

23.2.0

23.4.0

23.4.1

23.5.0

23.6.0

23.7.0

23.8.0

23.8.1

23.8.2

23.9.0

23.9.1

24.*

24.1.0

24.10.0

24.10.1

24.11.0

24.12.0

24.2.0

24.3.0

24.4.0

24.4.1

24.5.0

24.6.0

24.7.0

24.8.0

24.8.1

24.9.0

24.9.1

25.*

25.1.0

25.10.0

25.11.0

25.2.0

25.3.0

25.4.0

25.5.0

25.6.0

25.7.0

25.8.0

25.9.0

25.9.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68614.json"