CVE-2025-48208
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-09

Last updated on: 2025-11-04

Assigner: Apache Software Foundation

Description
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache HertzBeat . The attacker needs to have an authenticated account with access, and the attack can only be triggered by crafting custom commands. A successful attack would result in arbitrary script execution. This issue affects Apache HertzBeat: through 1.7.2. Users are recommended to upgrade to version [1.7.3], which fixes the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-09
Last Modified
2025-11-04
Generated
2026-06-16
AI Q&A
2025-09-09
EPSS Evaluated
2026-06-15
NVD
CVE-2025-48208
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
apache hertzbeat to 1.7.3 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-90 The product constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended LDAP query when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an LDAP Injection in Apache HertzBeat, where special elements in an LDAP query are not properly neutralized. An attacker with an authenticated account can craft custom commands to exploit this flaw, potentially leading to arbitrary script execution.

Impact Analysis

If exploited, this vulnerability can allow an attacker with access to execute arbitrary scripts, which could lead to unauthorized actions, data compromise, or further system exploitation.

Mitigation Strategies

Users are recommended to upgrade Apache HertzBeat to version 1.7.3, which fixes the issue.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-48208. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart