CVE-2025-65014:
PHP vulnerability analysis and mitigation
Overview
LibreNMS, an auto-discovering PHP/MySQL/SNMP-based network monitoring tool, contains a weak password policy vulnerability (CVE-2025-65014) in versions prior to 25.11.0. The vulnerability allows administrators to create accounts with extremely weak and predictable passwords, such as '12345678', potentially exposing the platform to brute-force and credential stuffing attacks (GitHub Advisory).
Technical details
The vulnerability exists in the user management functionality where the application fails to enforce a strong password policy during user creation. The issue has been assigned a CVSS v3.1 base score of 3.7 (Low) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N. The vulnerability is classified as CWE-521 (Weak Password Requirements), indicating insufficient password security controls (GitHub Advisory).
Impact
The weak password policy vulnerability can lead to increased risk of brute-force and credential stuffing attacks, potentially resulting in unauthorized access to user or administrative accounts, privilege escalation through compromised credentials, and overall degradation of the platform's security posture (GitHub Advisory).
Mitigation and workarounds
The vulnerability has been patched in version 25.11.0. Recommended mitigations include enforcing a strong password policy with a minimum of 12 characters containing uppercase, lowercase, digits, and special characters, as well as blocking the use of commonly known weak passwords such as '12345678', 'password', 'admin', and 'qwerty' (GitHub Advisory).
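The recommended policy above, sketched as a stand-alone PHP check. This is an added example, not LibreNMS code or the project's actual patch; the function name, the constants and the rule that strips trailing digits and symbols before the blocklist comparison are assumptions made for illustration, and the blocklist holds only the four passwords the advisory names.

```php
<?php
declare(strict_types=1);

// Hypothetical names; requires the mbstring extension.
const MIN_LENGTH = 12;
// Only the examples named in the advisory; a deployment would load a larger list.
const WEAK_PASSWORDS = ['12345678', 'password', 'admin', 'qwerty'];

/** Return the policy violations for a candidate password (empty array = accepted). */
function passwordPolicyViolations(string $password): array
{
    $violations = [];

    // Count characters, not bytes, so multibyte input is measured correctly.
    if (mb_strlen($password, 'UTF-8') < MIN_LENGTH) {
        $violations[] = 'shorter than ' . MIN_LENGTH . ' characters';
    }

    $requiredClasses = [
        'uppercase letter'  => '/\p{Lu}/u',
        'lowercase letter'  => '/\p{Ll}/u',
        'digit'             => '/\d/',
        'special character' => '/[^\p{L}\p{N}\s]/u',
    ];
    foreach ($requiredClasses as $name => $pattern) {
        if (preg_match($pattern, $password) !== 1) {
            $violations[] = "missing $name";
        }
    }

    // Blocklist comparison is case-insensitive. The second form drops trailing
    // digits and symbols (an added assumption) so that a blocked word padded
    // to satisfy the complexity rules, e.g. "Qwerty123456!", is still rejected.
    $normalized = mb_strtolower(trim($password), 'UTF-8');
    $base = preg_replace('/[^\p{L}]+$/u', '', $normalized) ?? $normalized;
    if (in_array($normalized, WEAK_PASSWORDS, true) || in_array($base, WEAK_PASSWORDS, true)) {
        $violations[] = 'based on a commonly used weak password';
    }

    return $violations;
}

// Constructed sample inputs: the advisory's example, a padded blocked word, a compliant value.
foreach (['12345678', 'Qwerty123456!', 'correct-Horse-7-battery'] as $candidate) {
    $found = passwordPolicyViolations($candidate);
    echo $candidate, ': ', $found ? implode('; ', $found) : 'accepted', PHP_EOL;
}
```

A check like this only affects passwords set after it is deployed; accounts created before the upgrade keep whatever password they were given until it is changed.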
Source: This report was generated using AI