N/A

CVSS Score

Basic Information

CVE ID

CVE-2025-62365

GHSA ID

GHSA-86rg-8hc8-v82p

EPSS Score

CWE

CWE-79

Published

10/13/2025

Updated

10/14/2025

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-62365

CVE-2025-62365: LibreNMS is vulnerable to Reflected-XSS in `report_this` function

Summary

Reflected-XSS in report_this function in librenms/includes/functions.php

Details

Recently, it was discovered that the report_this function had improper filtering (htmlentities function was incorrectly used in a href environment), which caused the project_issues parameter to trigger an XSS vulnerability.

The Vulnerable Sink: https://github.com/librenms/librenms/blob/master/includes/functions.php#L444

PoC

GET project_issues=javascript:alert(document.cookie)

Impact

XSS vulnerabilities allow attackers to execute malicious scripts in users' browsers, enabling unauthorized access to sensitive data, session hijacking, or malware distribution.

Suggestion

It is recommended to filter dangerous protocols, e.g. javascript:/file:.

(GitHub Advisory)

N/A

CVSS Score

Basic Information

CVE ID

CVE-2025-62365

GHSA ID

GHSA-86rg-8hc8-v82p

EPSS Score

CWE

CWE-79

Published

10/13/2025

Updated

10/14/2025

KEV Status

Technology

PHP

Technical Details

CVSS Vector

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
librenms/librenms	composer	<= 25.6.0	25.7.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability exists in the report_this function located in includes/functions.php. This function was responsible for generating a link to report issues. The vulnerability stems from the improper sanitization of the project_issues parameter, which is incorporated into the href attribute of a link. The patch addresses this vulnerability by completely removing the report_this function and replacing its calls with simple text messages. The core of the vulnerability is the use of htmlentities on user-controllable input that is then placed in an href attribute. An attacker could provide a value like javascript:alert(1) for the project_issues parameter, which would not be neutralized by htmlentities and would result in a clickable link that executes malicious JavaScript in the user's browser. The fix, by removing the function, eliminates this risk entirely.

Vulnerable functions

report_this

includes/functions.php

The `report_this` function is vulnerable to reflected Cross-Site Scripting (XSS). The `project_issues` parameter, retrieved via `Config::get('project_issues')`, is encoded with `htmlentities` and then embedded into an `<a>` tag's `href` attribute. The `htmlentities` function does not properly sanitize URI schemes, allowing an attacker to inject a `javascript:` payload, which will be executed when a user clicks the generated link.

WAF Protection Rules

WAF Rule

### Summ*ry R**l**t**-XSS in `r*port_t*is` *un*tion in `li*r*nms/in*lu**s/*un*tions.p*p` ### **t*ils R***ntly, it w*s *is*ov*r** t**t t** `r*port_t*is` *un*tion *** improp*r *ilt*rin* (`*tml*ntiti*s` *un*tion w*s in*orr**tly us** in * *r** *nvironm

Reasoning

T** vuln*r**ility *xists in t** `r*port_t*is` *un*tion lo**t** in `in*lu**s/*un*tions.p*p`. T*is *un*tion w*s r*sponsi*l* *or **n*r*tin* * link to r*port issu*s. T** vuln*r**ility st*ms *rom t** improp*r s*nitiz*tion o* t** `proj**t_issu*s` p*r*m*t*r

N/A

Basic Information

Concerned about an active attack path?

CVE-2025-62365: LibreNMS is vulnerable to Reflected-XSS in `report_this` function

Summary

Details

PoC

Impact

Suggestion

N/A

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI