PT-2025-47404 · Librenms · Librenms

Published: 2025-11-18 · Updated: 2025-11-19 · CVE-2025-65014

CVSS v3.1: 3.7 (Low)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

LibreNMS versions prior to 25.11.0

Description

The user management functionality of LibreNMS fails to enforce a strong password policy, allowing administrators to create accounts with weak and predictable passwords, such as 12345678. This exposes the platform to brute-force and credential stuffing attacks. The vulnerable component is the user creation/password definition process. The application accepts trivial and well-known weak passwords without restrictions when creating new user accounts. This can lead to unauthorized access to user or administrative accounts and potential privilege escalation.

Recommendations

Versions prior to 25.11.0: Update to version 25.11.0 or later. Enforce a strong password policy, requiring a minimum of 12 characters with uppercase, lowercase, digits, and special characters. Block the use of commonly known weak passwords, such as 12345678, password, admin, and qwerty.
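
One way to express the recommended policy as a server-side check at account creation, shown here as an added example that is not LibreNMS code and not part of the original advisory. The function names and the step that strips digit and symbol padding before the blocklist lookup are assumptions of this example, and the blocklist is a constructed sample holding only the four passwords named above.

```python
import string

MIN_LENGTH = 12
# Constructed sample blocklist: only the four passwords the advisory names.
# A real deployment would load a much larger list of known weak passwords.
BLOCKLIST = {"12345678", "password", "admin", "qwerty"}


def _core(password: str) -> str:
    """Lower-case and strip leading/trailing digits and symbols, so padded
    variants such as 'Password2025!!' reduce to the blocklisted word."""
    return password.lower().strip(string.digits + string.punctuation)


def policy_violations(password: str) -> list[str]:
    """Return every rule the candidate breaks; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    # The composition rules above do not catch a weak word with padding,
    # so the blocklist is checked against both the raw and stripped form.
    if password.lower() in BLOCKLIST or _core(password) in BLOCKLIST:
        problems.append("commonly known weak password")
    return problems


if __name__ == "__main__":
    # Constructed candidates: the advisory's example, a padded weak word
    # that satisfies every composition rule, and a compliant passphrase.
    for candidate in ("12345678", "Password2025!!", "Tr4verse-Maple-Quorum"):
        print(repr(candidate), policy_violations(candidate) or "accepted")
```

The second candidate meets the length and character-class requirements and is rejected only by the blocklist check, which is why the recommendation lists both controls.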

Related Identifiers

CVE-2025-65014
GHSA-5MRF-J8V6-F45G

Affected Products

Librenms