oss-sec mailing list archives

CVE-2025-48208: Apache HertzBeat (incubating): Jmx JNDI injection vulnerability


From: Chao Gong <gongchao () apache org>
Date: Fri, 05 Sep 2025 15:32:05 +0000

Severity: moderate 

Affected versions:

- Apache HertzBeat (incubating) through 1.7.2

Description:

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache HertzBeat.

This issue affects Apache HertzBeat: through 1.7.2.

Users are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.

Credit:

F10wers13eiCHeng (finder)
aftersnow (finder)

References:

https://hertzbeat.apache.org
https://www.cve.org/CVERecord?id=CVE-2025-48208
