PT-2025-41825 · Librenms · Librenms

Gatekeeperbuster · Published 2025-10-13 · Updated 2025-10-20 · CVE-2025-62365

CVSS v4.0: 6.9 (Medium)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Name of the Vulnerable Software and Affected Versions

LibreNMS versions prior to 25.7.0

Description

LibreNMS, an open-source network monitoring system, contains a reflected cross-site scripting (XSS) issue. The vulnerable function is report_this in librenms/includes/functions.php: it improperly filters the project_issues parameter, applying the htmlentities function to a value used in an anchor context. This allows malicious scripts to execute.

Recommendations

Upgrade to LibreNMS version 25.7.0 or later.

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-62365
GHSA-86RG-8HC8-V82P

Affected Products

Librenms