Vulnerability Description
LibreNMS is a community-based GPL-licensed network monitoring system. LibreNMS <= 25.8.0 contains a Stored Cross-Site Scripting (XSS) vulnerability in the Alert Transports management functionality. When an administrator creates a new Alert Transport, the value of the Transport name field is stored and later rendered in the Transports column of the Alert Rules page without proper input validation or output encoding. This leads to arbitrary JavaScript execution in the admin’s browser. This vulnerability is fixed in 25.10.0.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Librenms | Librenms | < 25.10.0 |
Related Weaknesses (CWE)
References
- https://github.com/librenms/librenms/commit/706a77085f4d5964f7de9444208ef707e1f7Patch
- https://github.com/librenms/librenms/security/advisories/GHSA-frc6-pwgr-c28wExploitVendor Advisory
- https://github.com/librenms/librenms/security/advisories/GHSA-frc6-pwgr-c28wExploitVendor Advisory
FAQ
What is CVE-2025-62411?
CVE-2025-62411 is a vulnerability with a CVSS score of 5.5 (MEDIUM). LibreNMS is a community-based GPL-licensed network monitoring system. LibreNMS <= 25.8.0 contains a Stored Cross-Site Scripting (XSS) vulnerability in the Alert Transports management functionality. W...
How severe is CVE-2025-62411?
CVE-2025-62411 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-62411?
Check the references section above for vendor advisories and patch information. Affected products include: Librenms Librenms.