Vulnerability Description
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a reflected cross-site scripting (XSS) vulnerability was identified in the LibreNMS application at the /maps/nodeimage endpoint. The Image Name parameter is reflected in the HTTP response without proper output encoding or sanitization, allowing an attacker to craft a URL that, when visited by a victim, causes arbitrary JavaScript execution in the victim’s browser. This issue has been patched in version 25.11.0.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Librenms | Librenms | < 25.11.0 |
Related Weaknesses (CWE)
References
- https://github.com/librenms/librenms/security/advisories/GHSA-j8cq-7f6p-256xVendor Advisory
- https://github.com/librenms/librenms/security/advisories/GHSA-j8cq-7f6p-256xVendor Advisory
FAQ
What is CVE-2025-65013?
CVE-2025-65013 is a vulnerability with a CVSS score of 6.2 (MEDIUM). LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a reflected cross-site scripting (XSS) vulnerability was identified in the LibreNMS application ...
How severe is CVE-2025-65013?
CVE-2025-65013 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-65013?
Check the references section above for vendor advisories and patch information. Affected products include: Librenms Librenms.