Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-rfwn-r567-qben
Vulnerability ID VCID-rfwn-r567-qben
Aliases CVE-2025-65093
GHSA-6pmj-xjxp-p8g9
Summary LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a boolean-based blind SQL injection vulnerability was identified in the LibreNMS application at the /ajax_output.php endpoint. The hostname parameter is interpolated directly into an SQL query without proper sanitization or parameter binding, allowing an attacker to manipulate the query logic and infer data from the database through conditional responses. This issue has been patched in version 25.11.0.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 4e-05 https://api.first.org/data/v1/epss?cve=CVE-2025-65093
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-6pmj-xjxp-p8g9
cvssv3.1 5.5 https://github.com/librenms/librenms
generic_textual MODERATE https://github.com/librenms/librenms
cvssv3.1 5.5 https://github.com/librenms/librenms/security/advisories/GHSA-6pmj-xjxp-p8g9
cvssv3.1_qr MODERATE https://github.com/librenms/librenms/security/advisories/GHSA-6pmj-xjxp-p8g9
generic_textual MODERATE https://github.com/librenms/librenms/security/advisories/GHSA-6pmj-xjxp-p8g9
ssvc Track https://github.com/librenms/librenms/security/advisories/GHSA-6pmj-xjxp-p8g9
cvssv3.1 5.5 https://nvd.nist.gov/vuln/detail/CVE-2025-65093
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2025-65093
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2025-65093
CVE-2025-65093 https://nvd.nist.gov/vuln/detail/CVE-2025-65093
GHSA-6pmj-xjxp-p8g9 https://github.com/advisories/GHSA-6pmj-xjxp-p8g9
GHSA-6pmj-xjxp-p8g9 https://github.com/librenms/librenms/security/advisories/GHSA-6pmj-xjxp-p8g9
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N Found at https://github.com/librenms/librenms
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N Found at https://github.com/librenms/librenms/security/advisories/GHSA-6pmj-xjxp-p8g9
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-19T14:58:37Z/ Found at https://github.com/librenms/librenms/security/advisories/GHSA-6pmj-xjxp-p8g9
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2025-65093
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.00144
EPSS Score 4e-05
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T16:57:42.266516+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2025/65xxx/CVE-2025-65093.json 38.6.0