VYPR
Moderate severityNVD Advisory· Published Oct 13, 2025· Updated Oct 14, 2025

LibreNMS vulnerable to Reflected-XSS in `report_this` function

CVE-2025-62365

Description

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to 25.7.0, there is a reflected-XSS in report_this function in librenms/includes/functions.php. The report_this function had improper filtering (htmlentities function was incorrectly use in a href environment), which caused the project_issues parameter to trigger an XSS vulnerability. This vulnerability is fixed in 25.7.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
librenms/librenmsPackagist
< 25.7.025.7.0

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.