cbcvebase.
CVE-2025-48208
published 2025-09-09


Priority: P259
Severity: high, 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.59% (43.7th percentile)

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache HertzBeat. The attacker needs to have an authenticated account with access, and the attack can only be triggered by crafting custom commands. A successful attack would result in arbitrary script execution. This issue affects Apache HertzBeat: through 1.7.2. Users are recommended to upgrade to version 1.7.3, which fixes the issue.

Affected

2 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | hertzbeat | < 1.7.3 | 1.7.3 |
| apache_software_foundation | apache_hertzbeat | <= 1.7.2 | |

Detection & IOCs (extracted from sources)

  • Vulnerability is LDAP Injection in Apache HertzBeat; monitor for crafted LDAP query payloads submitted via authenticated HertzBeat custom monitoring commands, which can lead to arbitrary script execution.
  • Affected versions of Apache HertzBeat are through 1.7.2; flag or alert on deployments running these versions where custom command functionality is accessible to authenticated users.
  • Exploitation requires an authenticated account with access to the custom commands feature; unauthenticated attackers cannot trigger this vulnerability.
  • No public exploit is known at this time, reducing immediate exploitation risk but not eliminating it for insider or compromised-credential scenarios.