cvedb.io
CVE-2025-65093
MEDIUM · CVSS 5.5
EPSS exploitation probability: 0%
Published 2025-11-18T23:15:57.690 · Last modified 2026-06-17T09:55:26.013

Summary

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a boolean-based blind SQL injection vulnerability was identified in the LibreNMS application at the /ajax_output.php endpoint. The hostname parameter is interpolated directly into an SQL query without proper sanitization or parameter binding, allowing an attacker to manipulate the query logic and infer data from the database through conditional responses. This issue has been patched in version 25.11.0.

Affected products

librenms — librenms

Does this affect you?

Add your gear to cvedb and we'll alert you only when librenms ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.