Description

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a reflected cross-site scripting (XSS) vulnerability was identified in the LibreNMS application at the /maps/nodeimage endpoint. The Image Name parameter is reflected in the HTTP response without proper output encoding or sanitization, allowing an attacker to craft a URL that, when visited by a victim, causes arbitrary JavaScript execution in the victim’s browser. This issue has been patched in version 25.11.0.

INFO

Published Date :

2025-11-18T23:01:21.659Z

Last Modified :

2025-11-19T14:46:51.743Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-65013 vulnerability.

Vendors Products
Librenms
  • Librenms
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-65013.

URL Resource
https://github.com/librenms/librenms/security/advisories/GHSA-j8cq-7f6p-256x cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact