Home > Vulnerability Database > CVE-2025-62411

Mend.io Vulnerability Database

CVE-2025-62411

Good to know:

Date: October 16, 2025

LibreNMS is a community-based GPL-licensed network monitoring system. LibreNMS <= 25.8.0 contains a Stored Cross-Site Scripting (XSS) vulnerability in the Alert Transports management functionality. When an administrator creates a new Alert Transport, the value of the Transport name field is stored and later rendered in the Transports column of the Alert Rules page without proper input validation or output encoding. This leads to arbitrary JavaScript execution in the admin’s browser. This vulnerability is fixed in 25.10.0.

Severity Score

5.5

Related Resources (7)

Url: https://github.com/librenms/librenms/releases/tag/25.10.0

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-62411

Url: https://github.com/librenms/librenms/commit/e1ead366239b57e88f9a06d4f7c213b1e2530cd8

Url: https://github.com/librenms/librenms/security/advisories/GHSA-frc6-pwgr-c28w

Url: https://github.com/librenms/librenms

Url: https://github.com/librenms/librenms/commit/706a77085f4d5964f7de9444208ef707e1f79450

Url: https://www.mend.io/vulnerability-database/CVE-2025-62411

Severity Score

5.5

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Top Fix

Upgrade Version

Upgrade to version librenms/librenms - 25.10.0

Learn More

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-62411

Good to know:

Date: October 16, 2025

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?