CVE-2025-54317
BaseFortify
Publication date: 2025-07-20
Last updated on: 2025-07-30
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| logpoint | logpoint | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-23 | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-54317 is a path traversal vulnerability in Logpoint versions before 7.6.0. An attacker with operator privileges can exploit this flaw when creating a Layout Template, allowing them to traverse file paths improperly and execute remote code on the affected system. This means the attacker can run arbitrary commands remotely, potentially taking control of the system. [1]
How can this vulnerability impact me? :
This vulnerability can have a severe impact as it allows an attacker with operator privileges to execute arbitrary code remotely. This can lead to full system compromise, including unauthorized access to sensitive data, modification or deletion of data, and disruption of system availability. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade Logpoint to version 7.6.0 or later, where the path traversal vulnerability in Layout Templates has been fixed. [1]