In Sentry versions prior to 25.5.0 a high severity vulnerability CVE-2025-53099 was detected. This vulnerability allows attackers with a malicious OAuth application to exploit a race condition and improper authorization code handling during the OAuth exchange process, enabling them to maintain persistent access to a user’s account even after the application is de-authorized. To address this issue users must upgrade to version 25.5.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-53099.
In Sentry versions 25.1.0 through 25.5.1 a medium severity vulnerability CVE-2025-53073 was detected. This vulnerability allows authenticated attackers to perform unauthorized actions, such as adding comments, on a project’s issue endpoint without being a member of the project’s team. Currently there is no fix for this vulnerability. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-53073.
In LibreNMS versions up to and including 25.4.0 a low severity vulnerability CVE-2025-47931 was detected. This vulnerability allows attackers to inject malicious scripts via the group name parameter in the /poller/groups form, potentially executing those scripts when viewed by other users. To address this issue, users should upgrade LibreNMS to version 25.5.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-47931.
In Zabbix versions from 7.0.0 to 7.0.7 and from 7.2.0 to 7.2.1 a high severity vulnerability CVE-2024-36465 was detected. This vulnerability allows attackers with low-level API access to run SQL commands using the groupBy setting. Currently there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-36465.
In Zabbix Server versions 6.0.0 up to 6.0.38, 7.0.0 up to 7.0.9, 7.2.0 up to 7.2.3 a medium severity vulnerability CVE-2024-45700 was detected. This vulnerability allows attackers to send specially crafted requests that cause excessive memory allocation and CPU-intensive decompression, ultimately leading to a service crash. To address this issue, users should upgrade Zabbix Server to versions 6.0.39rc1, 7.0.10rc1, 7.2.4rc1 or 7.4.0alpha1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-45700.
In Zabbix Server versions 6.0.0 up to 6.0.36, 6.4.0 up to 6.4.20 and 7.0.0 up to 7.0.6 a high severity vulnerability CVE-2024-45699 was detected. This vulnerability allows attackers to inject a JavaScript payload through the backurl parameter in the /zabbix.php?action=export.valuemaps endpoint, leading to a Cross-Site Scripting (XSS) attack. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-45699.
In LibreNMS versions up to 24.10.1 a medium severity vulnerability CVE-2025-23200 was detected. This vulnerability allows attackers to inject malicious scripts via a stored XSS on the parameter `state` in `ajax_form.php`, leading to potential unauthorized actions or data exposure. To address this issue, users should upgrade LibreNMS to version 24.11.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-23200.
In LibreNMS versions up to 24.10.1 a medium severity vulnerability CVE-2025-23200 was detected. This vulnerability allows attackers to inject malicious scripts into LibreNMS, which can then execute when viewed by a user, potentially leading to unauthorized actions or data exposure. To fix this issue, users should upgrade LibreNMS to version 24.11.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2025-23200.
In LibreNMS versions up to 24.10.1 a medium severity vulnerability CVE-2025-23198 was detected. This vulnerability allows attackers to insert malicious scripts, which execute when a user interacts with the page, potentially resulting in unauthorized actions. To fix this issue, users should upgrade LibreNMS to version 24.11.0. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2025-23198.