Home > Vulnerability Database > CVE-2025-65093

Mend.io Vulnerability Database

CVE-2025-65093

Good to know:

Date: November 18, 2025

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a boolean-based blind SQL injection vulnerability was identified in the LibreNMS application at the /ajax_output.php endpoint. The hostname parameter is interpolated directly into an SQL query without proper sanitization or parameter binding, allowing an attacker to manipulate the query logic and infer data from the database through conditional responses. This issue has been patched in version 25.11.0.

Severity Score

4.3

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-65093

Url: https://github.com/librenms/librenms/security/advisories/GHSA-6pmj-xjxp-p8g9

Url: https://github.com/librenms/librenms

Url: https://www.mend.io/vulnerability-database/CVE-2025-65093

Severity Score

4.3

Weakness Type (CWE)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-89

Top Fix

Upgrade Version

Upgrade to version librenms/librenms - 2.11.0

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-65093

Good to know:

Date: November 18, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?