CVE-2025-65013: Critical Reflected XSS Vulnerability Discovered in LibreNMS Maps Feature

Overview

A reflected cross-site scripting (XSS) vulnerability, identified as CVE-2025-65013, has been discovered in LibreNMS, a popular auto-discovering PHP/MySQL/SNMP based network monitoring tool. This vulnerability affects versions prior to 25.11.0. The flaw resides in the /maps/nodeimage endpoint, specifically how the “Image Name” parameter is handled.

This vulnerability allows an attacker to inject arbitrary JavaScript code into the victim’s browser by crafting a malicious URL. When a user clicks on this specially crafted link, the injected script will execute within the context of their browser session, potentially leading to data theft, session hijacking, or other malicious activities.

LibreNMS users are strongly advised to upgrade to version 25.11.0 or apply the provided patch to mitigate this risk.

Technical Details

The vulnerability stems from the lack of proper input validation and output encoding for the Image Name parameter within the /maps/nodeimage endpoint. When a user provides a value for this parameter in the URL, the application reflects it back in the HTTP response without sanitizing or encoding it. This allows an attacker to inject malicious JavaScript code within the parameter value.

For example, a malicious URL could look like this:

/maps/nodeimage?image=

When a user visits this URL, the JavaScript code within the <script> tags will execute in their browser.

CVSS Analysis

The Common Vulnerability Scoring System (CVSS) score for CVE-2025-65013 is 6.2 (Medium).

• CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
• Attack Vector (AV): Network (N)
• Attack Complexity (AC): Low (L)
• Privileges Required (PR): None (N)
• User Interaction (UI): Required (R)
• Scope (S): Changed (C)
• Confidentiality Impact (C): Low (L)
• Integrity Impact (I): Low (L)
• Availability Impact (A): None (N)

The medium severity is due to the need for user interaction (clicking on a malicious link) and the limited impact on confidentiality and integrity.

Possible Impact

A successful XSS attack via CVE-2025-65013 can have several potential consequences:

• Session Hijacking: An attacker could steal a user’s session cookie, allowing them to impersonate the user and gain unauthorized access to the LibreNMS application.
• Data Theft: Sensitive information displayed within the LibreNMS interface could be stolen by the attacker.
• Redirection to Malicious Websites: Users could be redirected to phishing sites or other malicious websites without their knowledge.
• Defacement: The attacker could alter the appearance of the LibreNMS interface.

Mitigation and Patch Steps

The most effective way to mitigate this vulnerability is to upgrade LibreNMS to version 25.11.0 or later. This version includes a patch that properly sanitizes and encodes the Image Name parameter, preventing the execution of malicious JavaScript code.

To upgrade, follow the official LibreNMS upgrade instructions:

1. Back up your LibreNMS database and configuration files.
2. Follow the upgrade instructions specific to your LibreNMS installation method (e.g., Git, package manager). Refer to the official LibreNMS documentation.
3. Verify that the upgrade was successful by checking the LibreNMS version number.

References

• CVE ID: CVE-2025-65013
• GitHub Security Advisory: GHSA-j8cq-7f6p-256x
• LibreNMS Official Website: LibreNMS