Monitoring

In LibreNMS versions up to and including 25.4.0 a low severity vulnerability CVE-2025-47931 was detected. This vulnerability allows attackers to inject malicious scripts via the group name parameter in the /poller/groups form, potentially executing those scripts when viewed by other users. To address this issue, users should upgrade LibreNMS to version 25.5.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-47931.

In Zabbix versions from 7.0.0 to 7.0.7 and from 7.2.0 to 7.2.1 a high severity vulnerability CVE-2024-36465 was detected. This vulnerability allows attackers with low-level API access to run SQL commands using the groupBy setting. Currently there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-36465.

In Zabbix Server versions 6.0.0 up to 6.0.38, 7.0.0 up to 7.0.9, 7.2.0 up to 7.2.3 a medium severity vulnerability CVE-2024-45700 was detected. This vulnerability allows attackers to send specially crafted requests that cause excessive memory allocation and CPU-intensive decompression, ultimately leading to a service crash. To address this issue, users should upgrade Zabbix Server to versions 6.0.39rc1, 7.0.10rc1, 7.2.4rc1 or 7.4.0alpha1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-45700.

In Zabbix Server versions 6.0.0 up to 6.0.36, 6.4.0 up to 6.4.20 and 7.0.0 up to 7.0.6 a high severity vulnerability CVE-2024-45699 was detected. This vulnerability allows attackers to inject a JavaScript payload through the backurl parameter in the /zabbix.php?action=export.valuemaps endpoint, leading to a Cross-Site Scripting (XSS) attack. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-45699.

In LibreNMS versions up to 24.10.1 a medium severity vulnerability CVE-2025-23200 was detected. This vulnerability allows attackers to inject malicious scripts via a stored XSS on the parameter `state` in `ajax_form.php`, leading to potential unauthorized actions or data exposure. To address this issue, users should upgrade LibreNMS to version 24.11.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-23200.

In Sentry versions starting from 21.12.0 before 24.12.1 a medium severity vulnerability CVE-2025-22146 was detected. This vulnerability allows attackers to exploit Sentry’s SAML SSO to crash the application by sending posts with improperly formatted attachments. To fix this issue, users should upgrade Sentry to version 25.1.0. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2025-22146.

In Librenms versions up to 24.10.1 a medium severity vulnerability CVE-2025-23200 was detected. This vulnerability allows attackers to inject malicious scripts into Librenms, which can then execute when viewed by a user, potentially leading to unauthorized actions or data exposure. To fix this issue, users should upgrade Librenms to version 24.11.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2025-23200.

In Librenms versions up to 24.10.1 a medium severity vulnerability CVE-2025-23198 was detected. This vulnerability allows attackers to insert malicious scripts, which execute when a user interacts with the page, potentially resulting in unauthorized actions. To fix this issue, users should upgrade Librenms to version 24.11.0. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2025-23198.

In LibreNMS versions prior to 24.10.1 a medium severity vulnerability CVE-2025-23201 was detected. This vulnerability allows remote attackers to execute malicious scripts via the `/addhost` parameter `community`, leading to unauthorized actions or data exposure. To address this issue, users should upgrade LibreNMS to version 24.11.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-23201.