Vulnerability Description
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a weak password policy vulnerability was identified in the user management functionality of the LibreNMS application. This vulnerability allows administrators to create accounts with extremely weak and predictable passwords, such as 12345678. This exposes the platform to brute-force and credential stuffing attacks. This issue has been patched in version 25.11.0.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Librenms | Librenms | < 25.11.0 |
Related Weaknesses (CWE)
References
- https://github.com/librenms/librenms/security/advisories/GHSA-5mrf-j8v6-f45gExploitMitigationVendor Advisory
- https://github.com/librenms/librenms/security/advisories/GHSA-5mrf-j8v6-f45gExploitMitigationVendor Advisory
FAQ
What is CVE-2025-65014?
CVE-2025-65014 is a vulnerability with a CVSS score of 3.7 (LOW). LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a weak password policy vulnerability was identified in the user management functionality of the ...
How severe is CVE-2025-65014?
CVE-2025-65014 has been rated LOW with a CVSS base score of 3.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-65014?
Check the references section above for vendor advisories and patch information. Affected products include: Librenms Librenms.