oss-sec mailing list archives

CVE-2025-24404: Apache HertzBeat (incubating): RCE by parse http sitemap xml response


From: Chao Gong <gongchao () apache org>
Date: Fri, 05 Sep 2025 15:21:58 +0000

Severity: moderate 

Affected versions:

- Apache HertzBeat (incubating) before 1.7.0

Description:

XML injection vulnerability in Apache HertzBeat allowing RCE when parsing an HTTP sitemap XML response.

This issue affects Apache HertzBeat (incubating): before 1.7.0.

Users are recommended to upgrade to version 1.7.0, which fixes the issue.

Credit:

unam4 (finder)
springkill (finder)
Zoiltin (finder)

References:

https://hertzbeat.apache.org
https://www.cve.org/CVERecord?id=CVE-2025-24404

