CVE-2025-65014
LibreNMS has Weak Password Policy
Description
## Summary A **Weak Password Policy** vulnerability was identified in the user management functionality of the _LibreNMS_ application. This vulnerability allows administrators to create accounts with extremely weak and predictable passwords, such as `12345678`. This exposes the platform to brute-force and credential stuffing attacks. --- ## Details **Vulnerable Component:** User creation / password definition The application fails to enforce a strong password policy when creating new users. As a result, administrators can define trivial and well-known weak passwords, compromising the authentication security of the system. --- ## PoC 1. Log in to the application using an **Administrator** account. 2. Navigate to the user management section: 3. Create a new user account using the password `12345678`. <img width="1103" height="852" alt="image" src="https://github.com/user-attachments/assets/a20d4226-9f86-46ee-a4e6-45be91bb6b7b" /> 4. The application accepts the weak password without restrictions and creates the account successfully. <img width="1359" height="487" alt="image" src="https://github.com/user-attachments/assets/9bec15bf-b38f-448b-8f98-acca5724e143" /> --- ## Impact Weak password policy vulnerabilities can have severe consequences, including: - Increased risk of brute-force and credential stuffing attacks - Unauthorized access to user or administrative accounts - Privilege escalation through compromised credentials - Degradation of the overall security posture of the platform --- ## Mitigation - Enforce a strong password policy (e.g., minimum of 12 characters with uppercase, lowercase, digits, and special characters). - Block the use of commonly known weak passwords (e.g., `12345678`, `password`, `admin`, `qwerty`).
How to fix CVE-2025-65014
To remediate CVE-2025-65014, upgrade the affected package to a fixed version below.
- —upgrade to 25.11.0 or later
Is CVE-2025-65014 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.