Apache HertzBeat (incubating): RCE by parse http sitemap xml response

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

XML Injection RCE by parse http sitemap xml response vulnerability in Apache HertzBeat.

The attacker needs to have an authenticated account with access, and add monitor parsed by xml, returned special content can trigger the XML parsing vulnerability.

This issue affects Apache HertzBeat (incubating): before 1.7.0.

Users are recommended to upgrade to version 1.7.0, which fixes the issue.

Basic Information

ID CVE-2025-24404

Source apache

Published Sep 9, 2025 at 09:30

Modified Sep 10, 2025 at 14:22

Affected Product

Vendor Apache Software Foundation

Product Apache HertzBeat (incubating)

Affected Versions Apache Software Foundation Apache HertzBeat (incubating) 0

CWE Classification

CWE-91

References

lists.apache.org /thread/4ydy3tqbpwmhl79mcj3pxwqz62nggrfd

{
    "lastseen": "",
    "description": "XML Injection RCE by parse http sitemap xml response vulnerability in Apache HertzBeat.\n\n\n\n\n\n\n\n\n\n\n\n\nThe attacker needs to have an authenticated account with access, and add monitor parsed by xml, returned special content can trigger the XML parsing vulnerability.\n\nThis issue affects Apache HertzBeat (incubating): before 1.7.0.\n\nUsers are recommended to upgrade to version 1.7.0, which fixes the issue.",
    "published": "2025-09-09T09:30:59.424Z",
    "modified": "2025-09-10T14:22:22.014Z",
    "type": "cve",
    "title": "Apache HertzBeat (incubating): RCE by parse http sitemap xml response",
    "source": "apache",
    "references": "https://lists.apache.org/thread/4ydy3tqbpwmhl79mcj3pxwqz62nggrfd",
    "id": "CVE-2025-24404",
    "bulletinFamily": "",
    "cwe": [
        "CWE-91"
    ],
    "cvelist": null,
    "sourceData": "Apache Software Foundation Apache HertzBeat (incubating) 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Apache HertzBeat (incubating)",
    "version": "0",
    "vendor": "Apache Software Foundation",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Apache HertzBeat (incubating): RCE by parse http sitemap xml response_CVE-2025-24404