Weak password requirements in LibreNMS - CVE-2025-65014
Published: April 24, 2026
Vulnerability identifier: #VU127438
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-65014
CWE-ID: CWE-521
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: LibreNMS Project
Affected software:
LibreNMS
LibreNMS
Detailed vulnerability description
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to weak password requirements in user creation / password definition when creating new user accounts. A remote attacker can perform brute-force or credential stuffing attacks against accounts created with weak passwords to disclose sensitive information.
Exploitation depends on an administrator having created an account with an extremely weak and predictable password.
How to mitigate CVE-2025-65014
Install security update from vendor's website.