Apache HertzBeat (incubating): Jmx JNDI injection vulnerability_CVE-2025-48208

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache HertzBeat .

The attacker needs to have an authenticated account with access, and the attack can only be triggered by crafting custom commands. A successful attack would result in arbitrary script execution.

This issue affects Apache HertzBeat: through 1.7.2.

Users are recommended to upgrade to version [1.7.3], which fixes the issue.

Basic Information

ID CVE-2025-48208

Source apache

Published Sep 9, 2025 at 09:31

Modified Sep 10, 2025 at 14:22

Affected Product

Vendor Apache Software Foundation

Product Apache HertzBeat (incubating)

Affected Versions Apache Software Foundation Apache HertzBeat (incubating) 0

CWE Classification

CWE-90

References

lists.apache.org /thread/3zrr3oo67pxxx7wgzj80kglltfshngn2

{
    "lastseen": "",
    "description": "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache HertzBeat .\n\n\n\n\n\n\n\n\n\n\n\n\nThe attacker needs to have an authenticated account with access, and the attack can only be triggered by crafting custom commands. A successful attack would result in arbitrary script execution.\n\nThis issue affects Apache HertzBeat: through 1.7.2.\n\nUsers are recommended to upgrade to version [1.7.3], which fixes the issue.",
    "published": "2025-09-09T09:31:35.585Z",
    "modified": "2025-09-10T14:22:30.363Z",
    "type": "cve",
    "title": "Apache HertzBeat (incubating): Jmx JNDI injection vulnerability",
    "source": "apache",
    "references": "https://lists.apache.org/thread/3zrr3oo67pxxx7wgzj80kglltfshngn2",
    "id": "CVE-2025-48208",
    "bulletinFamily": "",
    "cwe": [
        "CWE-90"
    ],
    "cvelist": null,
    "sourceData": "Apache Software Foundation Apache HertzBeat (incubating) 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Apache HertzBeat (incubating)",
    "version": "0",
    "vendor": "Apache Software Foundation",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}