CVE-2025-48208

CWE-903 documents3 sources

Severity

8.8HIGH

EPSS

0.1%

top 77.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Hertzbeat Apache Software Foundation Apache Hertzbeat (incubating)

Timeline

PublishedSep 9

Description

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache HertzBeat . The attacker needs to have an authenticated account with access, and the attack can only be triggered by crafting custom commands. A successful attack would result in arbitrary script execution. This issue affects Apache HertzBeat: through 1.7.2. Users are recommended to upgrade to version [1.7.3], which fixes the issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDapache/hertzbeat< 1.7.3

▶CVEListV5apache_software_foundation/apache_hertzbeat_(incubating)1.7.2

🔴Vulnerability Details

GHSA

GHSA-q6jp-29q3-rwxv: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache HertzBeat↗2025-09-09

▶

CVEList

Apache HertzBeat (incubating): Jmx JNDI injection vulnerability↗2025-09-09

▶