CVE-2025-65014
LOWDescription
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a weak password policy vulnerability was identified in the user management functionality of the LibreNMS application. This vulnerability allows administrators to create accounts with extremely weak and predictable passwords, such as 12345678. This exposes the platform to brute-force and credential stuffing attacks. This issue has been patched in version 25.11.0.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| librenms | librenms |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-65014? +
How severe is CVE-2025-65014? +
What products are affected by CVE-2025-65014? +
How do I check if I'm vulnerable to CVE-2025-65014? +
Related Vulnerabilities
Hikvision Streaming Media Management Server v2.3.5 uses default credentials that allow remote attackers to authenticate and access restricted functionality. After …
No password for the root user is set in Novakon P series. This allows phyiscal attackers to enter the console …
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through …
KTM System e-BOK enforces a maximum password length of six numeric digits and does not permit the use of any …
Insufficient Password Policy.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
QaTraq 6.9.2 ships with administrative account credentials which are enabled in default installations and permit immediate login via the web …