CVE-2025-60357
Received Received - Intake

NoSQL Injection Vulnerability in AhnLab EPP Management

Vulnerability report for CVE-2025-60357, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-17

Last updated on: 2026-07-17

Assigner: MITRE

Description

AhnLab EPP Management v1.0.14.32-6249 was discovered to contain a NoSQL injection vulnerability via the eventlog/agentEvent/list endpoint.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-17
Last Modified
2026-07-17
Generated
2026-07-17
AI Q&A
2026-07-17
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
ahnlab epp_management to P16.25 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2025-60357 is a NoSQL injection vulnerability in AhnLab EPP Management v1.0.14.32-6249. It allows authenticated attackers to inject malicious MongoDB queries via the eventlog/agentEvent/list endpoint to extract sensitive data like PII.

Detection Guidance

To detect this NoSQL injection vulnerability in AhnLab EPP Management, monitor network traffic for suspicious requests to the /api/console/ems/eventlog/agentEvent/list endpoint. Check for unusual MongoDB query patterns in logs, such as appended malicious queries in request bodies. Use tools like Wireshark or tcpdump to inspect HTTP POST requests containing JSON payloads with MongoDB operators like $ne, $gt, or $where.

Impact Analysis

Attackers could bypass authentication and access unauthorized logs containing sensitive information such as IP addresses, computer names, login IDs, MAC addresses, and other PII. This could lead to data breaches or unauthorized access to confidential data.

Compliance Impact

This vulnerability could lead to unauthorized access and exposure of personally identifiable information (PII), which may violate GDPR and HIPAA compliance requirements. Organizations using the affected software must ensure proper patching to avoid regulatory penalties.

Mitigation Strategies

Immediately update AhnLab EPP Management to version P16.25 or later to patch the vulnerability. If updating is not possible, restrict access to the /api/console/ems/eventlog/agentEvent/list endpoint via network segmentation or firewall rules. Implement strict input validation for all API requests and monitor for unauthorized data access attempts.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-60357. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart