PT-2025-47406 · Librenms · Librenms

Published: 2025-11-18 · Updated: 2026-01-21 · CVE-2025-65093

CVSS v3.1: 5.5 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 25.11.0

Description: LibreNMS contains a boolean-based blind SQL injection issue in the /ajax_output.php endpoint. The hostname parameter is interpolated directly into an SQL query without proper sanitization, allowing an attacker to manipulate the query logic and infer data from the database through conditional responses. Reaching the affected discovery functionality requires administrator privileges.

The vulnerability allows attackers to modify the query logic using Boolean expressions. When a crafted condition evaluates to true, the application behaves normally; when it evaluates to false, the response is altered. This confirms that the parameter's value is being interpreted as SQL logic, demonstrating a boolean-based blind SQL injection. The issue is present in the /opt/librenms/includes/html/output/capture.inc.php file.

Recommendations: Update LibreNMS to version 25.11.0 or later.
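The following PHP snippet is an added illustration, not LibreNMS code: it shows the weak pattern the description names (a request parameter interpolated into query text) beside a hardened equivalent that validates the hostname and binds it as data. The table and column names, the in-memory SQLite database, and the validator are assumptions made for this example.

```php
<?php
// Added illustration (not LibreNMS code): interpolated query vs. validated,
// bound parameter. Schema and data are constructed for this example.
declare(strict_types=1);

// In-memory SQLite stands in for the real database so this runs stand-alone.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE devices (device_id INTEGER PRIMARY KEY, hostname TEXT)');
$db->exec("INSERT INTO devices (hostname) VALUES ('router1.example.net'), ('sw2.example.net')");

// Weak pattern: the parameter becomes part of the SQL text, so quotes and
// boolean operators inside it are parsed as query logic, not as a hostname.
function lookupDeviceVulnerable(PDO $db, string $hostname): array
{
    $sql = "SELECT device_id, hostname FROM devices WHERE hostname = '$hostname'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern, step 1: accept only values shaped like a hostname
// (RFC 1123 labels: letters, digits, inner hyphens; dot-separated; <= 253 chars).
function isValidHostname(string $hostname): bool
{
    $label = '(?!-)[A-Za-z0-9-]{1,63}(?<!-)';
    return strlen($hostname) <= 253
        && preg_match("/^{$label}(\\.{$label})*$/", $hostname) === 1;
}

// Hardened pattern, step 2: bind the value as data via a prepared statement,
// so the database never sees it as SQL syntax. Rejected input is logged rather
// than "cleaned", which also gives defenders a detection signal.
function lookupDeviceSafe(PDO $db, string $hostname): array
{
    if (!isValidHostname($hostname)) {
        error_log('rejected hostname parameter: ' . bin2hex($hostname));
        return [];
    }
    $stmt = $db->prepare('SELECT device_id, hostname FROM devices WHERE hostname = :hostname');
    $stmt->execute([':hostname' => $hostname]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: one legitimate hostname, one carrying SQL syntax.
$legit = 'router1.example.net';
$crafted = "x' OR 'a'='a";
printf("vulnerable, crafted input: %d row(s)\n", count(lookupDeviceVulnerable($db, $crafted)));
printf("hardened,   crafted input: %d row(s)\n", count(lookupDeviceSafe($db, $crafted)));
printf("hardened,   legit input:   %d row(s)\n", count(lookupDeviceSafe($db, $legit)));
```

With the crafted input the interpolated query's WHERE clause is rewritten by the OR condition and matches every device, while the hardened lookup rejects it before any query runs and still resolves the legitimate hostname normally.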

Weakness Enumeration

SQL injection

Related Identifiers

CVE-2025-65093
GHSA-6PMJ-XJXP-P8G9

Affected Products

Librenms