{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-48208", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2025-05-18T00:58:41.640Z", "datePublished": "2025-09-09T09:31:35.585Z", "dateUpdated": "2025-09-09T09:31:35.585Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache HertzBeat (incubating)", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "1.7.2", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "F10wers13eiCHeng"}, {"lang": "en", "type": "finder", "value": "aftersnow"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache HertzBeat .</p>\n\n\n\n\n\n\n\n\n\n\n<p>The attacker needs to have an authenticated account with access, and the attack can only be triggered by crafting custom commands. A successful attack would result in arbitrary script execution.</p><p>This issue affects Apache HertzBeat: through 1.7.2.</p><p>Users are recommended to upgrade to version [1.7.3], which fixes the issue.</p>"}], "value": "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache HertzBeat .\n\n\n\n\n\n\n\n\n\n\n\n\nThe attacker needs to have an authenticated account with access, and the attack can only be triggered by crafting custom commands. A successful attack would result in arbitrary script execution.\n\nThis issue affects Apache HertzBeat: through 1.7.2.\n\nUsers are recommended to upgrade to version [1.7.3], which fixes the issue."}], "metrics": [{"other": {"content": {"text": "moderate"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-90", "description": "CWE-90 Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2025-09-09T09:31:35.585Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/3zrr3oo67pxxx7wgzj80kglltfshngn2"}], "source": {"discovery": "UNKNOWN"}, "title": "Apache HertzBeat (incubating): Jmx JNDI injection vulnerability", "x_generator": {"engine": "Vulnogram 0.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache HertzBeat .\n\n\n\n\n\n\n\n\n\n\n\n\nThe attacker needs to have an authenticated account with access, and the attack can only be triggered by crafting custom commands. A successful attack would result in arbitrary script execution.\n\nThis issue affects Apache HertzBeat: through 1.7.2.\n\nUsers are recommended to upgrade to version [1.7.3], which fixes the issue."}], "id": "CVE-2025-48208", "lastModified": "2025-09-09T10:15:33.287", "metrics": {}, "published": "2025-09-09T10:15:33.287", "references": [{"source": "security@apache.org", "url": "https://lists.apache.org/thread/3zrr3oo67pxxx7wgzj80kglltfshngn2"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-90"}], "source": "security@apache.org", "type": "Primary"}]}

{}

{}