Vulnerability Details CVE-2025-65093
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a boolean-based blind SQL injection vulnerability was identified in the LibreNMS application at the /ajax_output.php endpoint. The hostname parameter is interpolated directly into an SQL query without proper sanitization or parameter binding, allowing an attacker to manipulate the query logic and infer data from the database through conditional responses. This issue has been patched in version 25.11.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 0.0%
CVSS Severity
CVSS v3 Score 5.5
References
Products affected by CVE-2025-65093
-
cpe:2.3:a:librenms:librenms:-
-
cpe:2.3:a:librenms:librenms:0.1
-
cpe:2.3:a:librenms:librenms:1.19
-
cpe:2.3:a:librenms:librenms:1.20
-
cpe:2.3:a:librenms:librenms:1.20.1
-
cpe:2.3:a:librenms:librenms:1.21
-
cpe:2.3:a:librenms:librenms:1.22
-
cpe:2.3:a:librenms:librenms:1.22.01
-
cpe:2.3:a:librenms:librenms:1.23
-
cpe:2.3:a:librenms:librenms:1.24
-
cpe:2.3:a:librenms:librenms:1.25
-
cpe:2.3:a:librenms:librenms:1.26
-
cpe:2.3:a:librenms:librenms:1.27
-
cpe:2.3:a:librenms:librenms:1.28
-
cpe:2.3:a:librenms:librenms:1.29
-
cpe:2.3:a:librenms:librenms:1.30
-
cpe:2.3:a:librenms:librenms:1.30.01
-
cpe:2.3:a:librenms:librenms:1.31
-
cpe:2.3:a:librenms:librenms:1.31.01
-
cpe:2.3:a:librenms:librenms:1.31.02
-
cpe:2.3:a:librenms:librenms:1.31.03
-
cpe:2.3:a:librenms:librenms:1.32
-
cpe:2.3:a:librenms:librenms:1.32.01
-
cpe:2.3:a:librenms:librenms:1.33
-
cpe:2.3:a:librenms:librenms:1.33.01
-
cpe:2.3:a:librenms:librenms:1.34
-
cpe:2.3:a:librenms:librenms:1.35
-
cpe:2.3:a:librenms:librenms:1.36
-
cpe:2.3:a:librenms:librenms:1.36.01
-
cpe:2.3:a:librenms:librenms:1.37
-
cpe:2.3:a:librenms:librenms:1.38
-
cpe:2.3:a:librenms:librenms:1.39
-
cpe:2.3:a:librenms:librenms:1.40
-
cpe:2.3:a:librenms:librenms:1.41
-
cpe:2.3:a:librenms:librenms:1.42
-
cpe:2.3:a:librenms:librenms:1.42.01
-
cpe:2.3:a:librenms:librenms:1.43
-
cpe:2.3:a:librenms:librenms:1.44
-
cpe:2.3:a:librenms:librenms:1.45
-
cpe:2.3:a:librenms:librenms:1.46
-
cpe:2.3:a:librenms:librenms:1.47
-
cpe:2.3:a:librenms:librenms:1.48
-
cpe:2.3:a:librenms:librenms:1.48.1
-
cpe:2.3:a:librenms:librenms:1.49
-
cpe:2.3:a:librenms:librenms:1.50
-
cpe:2.3:a:librenms:librenms:1.50.1
-
cpe:2.3:a:librenms:librenms:1.51
-
cpe:2.3:a:librenms:librenms:1.52
-
cpe:2.3:a:librenms:librenms:1.53
-
cpe:2.3:a:librenms:librenms:1.53.1
-
cpe:2.3:a:librenms:librenms:1.54
-
cpe:2.3:a:librenms:librenms:1.55
-
cpe:2.3:a:librenms:librenms:1.56
-
cpe:2.3:a:librenms:librenms:1.57
-
cpe:2.3:a:librenms:librenms:1.58
-
cpe:2.3:a:librenms:librenms:1.58.1
-
cpe:2.3:a:librenms:librenms:1.59
-
cpe:2.3:a:librenms:librenms:1.60
-
cpe:2.3:a:librenms:librenms:1.61
-
cpe:2.3:a:librenms:librenms:1.62
-
cpe:2.3:a:librenms:librenms:1.62.1
-
cpe:2.3:a:librenms:librenms:1.62.2
-
cpe:2.3:a:librenms:librenms:1.63
-
cpe:2.3:a:librenms:librenms:1.64
-
cpe:2.3:a:librenms:librenms:1.64.1
-
cpe:2.3:a:librenms:librenms:1.65
-
cpe:2.3:a:librenms:librenms:1.65.1
-
cpe:2.3:a:librenms:librenms:1.66
-
cpe:2.3:a:librenms:librenms:1.67
-
cpe:2.3:a:librenms:librenms:1.68
-
cpe:2.3:a:librenms:librenms:1.69
-
cpe:2.3:a:librenms:librenms:1.70.0
-
cpe:2.3:a:librenms:librenms:1.70.1
-
cpe:2.3:a:librenms:librenms:21.1.0
-
cpe:2.3:a:librenms:librenms:21.10.0
-
cpe:2.3:a:librenms:librenms:21.10.1
-
cpe:2.3:a:librenms:librenms:21.10.2
-
cpe:2.3:a:librenms:librenms:21.11.0
-
cpe:2.3:a:librenms:librenms:21.12.0
-
cpe:2.3:a:librenms:librenms:21.12.1
-
cpe:2.3:a:librenms:librenms:21.2.0
-
cpe:2.3:a:librenms:librenms:21.3.0
-
cpe:2.3:a:librenms:librenms:21.4.0
-
cpe:2.3:a:librenms:librenms:21.5.0
-
cpe:2.3:a:librenms:librenms:21.5.1
-
cpe:2.3:a:librenms:librenms:21.6.0
-
cpe:2.3:a:librenms:librenms:21.7.0
-
cpe:2.3:a:librenms:librenms:21.8.0
-
cpe:2.3:a:librenms:librenms:21.9.0
-
cpe:2.3:a:librenms:librenms:21.9.1
-
cpe:2.3:a:librenms:librenms:22.1.0
-
cpe:2.3:a:librenms:librenms:22.10.0
-
cpe:2.3:a:librenms:librenms:22.11.0
-
cpe:2.3:a:librenms:librenms:22.2.0
-
cpe:2.3:a:librenms:librenms:22.2.1
-
cpe:2.3:a:librenms:librenms:22.2.2
-
cpe:2.3:a:librenms:librenms:22.3.0
-
cpe:2.3:a:librenms:librenms:22.4.0
-
cpe:2.3:a:librenms:librenms:22.4.1
-
cpe:2.3:a:librenms:librenms:22.5.0
-
cpe:2.3:a:librenms:librenms:22.6.0
-
cpe:2.3:a:librenms:librenms:22.7.0
-
cpe:2.3:a:librenms:librenms:22.8.0
-
cpe:2.3:a:librenms:librenms:22.9.0
-
cpe:2.3:a:librenms:librenms:23.1.0
-
cpe:2.3:a:librenms:librenms:23.1.1
-
cpe:2.3:a:librenms:librenms:23.10.0
-
cpe:2.3:a:librenms:librenms:23.11.0
-
cpe:2.3:a:librenms:librenms:23.2.0
-
cpe:2.3:a:librenms:librenms:23.4.0
-
cpe:2.3:a:librenms:librenms:23.4.1
-
cpe:2.3:a:librenms:librenms:23.5.0
-
cpe:2.3:a:librenms:librenms:23.6.0
-
cpe:2.3:a:librenms:librenms:23.7.0
-
cpe:2.3:a:librenms:librenms:23.8.0
-
cpe:2.3:a:librenms:librenms:23.8.1
-
cpe:2.3:a:librenms:librenms:23.8.2
-
cpe:2.3:a:librenms:librenms:23.9.0
-
cpe:2.3:a:librenms:librenms:23.9.1
-
cpe:2.3:a:librenms:librenms:24.1.0
-
cpe:2.3:a:librenms:librenms:24.10.0
-
cpe:2.3:a:librenms:librenms:24.11.0
-
cpe:2.3:a:librenms:librenms:24.12.0
-
cpe:2.3:a:librenms:librenms:24.2.0
-
cpe:2.3:a:librenms:librenms:24.3.0
-
cpe:2.3:a:librenms:librenms:24.4.0
-
cpe:2.3:a:librenms:librenms:24.4.1
-
cpe:2.3:a:librenms:librenms:24.5.0
-
cpe:2.3:a:librenms:librenms:24.6.0
-
cpe:2.3:a:librenms:librenms:24.7.0
-
cpe:2.3:a:librenms:librenms:24.8.0
-
cpe:2.3:a:librenms:librenms:24.8.1
-
cpe:2.3:a:librenms:librenms:24.9.0
-
cpe:2.3:a:librenms:librenms:24.9.1
-
cpe:2.3:a:librenms:librenms:25.1.0
-
cpe:2.3:a:librenms:librenms:25.10.0
-
cpe:2.3:a:librenms:librenms:25.2.0
-
cpe:2.3:a:librenms:librenms:25.3.0
-
cpe:2.3:a:librenms:librenms:25.4.0
-
cpe:2.3:a:librenms:librenms:25.5.0
-
cpe:2.3:a:librenms:librenms:25.6.0
-
cpe:2.3:a:librenms:librenms:25.7.0
-
cpe:2.3:a:librenms:librenms:25.8.0
-
cpe:2.3:a:librenms:librenms:25.9.0
-
cpe:2.3:a:librenms:librenms:25.9.1