Platform: nagios
Component: logpoint
Fixed in: 7.6.0
CVE-2025-54317 describes a Path Traversal vulnerability discovered in Logpoint versions prior to 7.6.0. This flaw allows an attacker with operator privileges to potentially achieve remote code execution (RCE) by manipulating the creation of Layout Templates. Affected versions include those from 0 up to and including 7.6.0. A patch is available in version 7.6.0.
The impact of CVE-2025-54317 is severe due to the potential for Remote Code Execution. An attacker exploiting this vulnerability could gain complete control over the Logpoint system, allowing them to steal sensitive data, modify system configurations, or launch further attacks against other systems within the network. The ability to execute arbitrary code on the server represents a significant compromise of confidentiality, integrity, and availability. Successful exploitation could lead to a complete system takeover and data exfiltration.
CVE-2025-54317 was published on 2025-07-20. Currently, there are no publicly known Proof-of-Concept (PoC) exploits available. The vulnerability's CVSS score of 8.4 (HIGH) indicates a significant risk. It is not currently listed on the CISA KEV catalog. The requirement for operator privileges may limit the immediate exploitability, but the potential for RCE warrants immediate attention.
Organizations heavily reliant on Logpoint for security monitoring and incident response are particularly at risk. Environments with a large number of users with operator privileges, or those with inadequate access controls, face a heightened risk of exploitation. Shared hosting environments utilizing Logpoint are also vulnerable.
• nagios / server:
journalctl -u logpoint | grep -i "path traversal"
• nagios / server:
ps aux | grep logpoint | grep -i "layout template"
• nagios / server:
find /opt/logpoint/ -name '*template*' -type f -print
EPSS: 0.24% (47th percentile)
The primary mitigation for CVE-2025-54317 is to upgrade Logpoint to version 7.6.0 or later, which contains the fix. If immediate upgrade is not possible, consider restricting access to the Layout Template creation functionality to only trusted users. Implement strict input validation on any user-supplied data used in the Layout Template creation process to prevent path traversal attempts. Monitor Logpoint logs for suspicious activity, particularly related to file access and template creation. After upgrade, confirm the vulnerability is resolved by attempting to create a Layout Template with a malicious path traversal payload and verifying that it is rejected.
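One way to implement the input validation described above, as an added example that is not Logpoint's code or its fix: a containment check for user-supplied template names that also covers absolute paths, nested separators and symlinks. The function names, the name allow-list and the template directory are hypothetical.

```python
import os
import re
from pathlib import Path

# Hypothetical allow-list: starts alphanumeric, then letters, digits, '_', '.', '-' (max 64).
_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,63}")


class UnsafeTemplateName(ValueError):
    """Raised when a user-supplied template name could escape the template directory."""


def resolve_template_path(base_dir: str, name: str) -> Path:
    """Return the path for `name` directly inside `base_dir`, or raise UnsafeTemplateName."""
    # 1. Allow-list the name: rejects separators, NUL bytes, empty names, leading dots.
    if not _NAME_RE.fullmatch(name) or ".." in name:
        raise UnsafeTemplateName(f"rejected template name: {name!r}")
    base = Path(base_dir).resolve(strict=True)
    # 2. Resolve symlinks, then compare path components rather than string
    #    prefixes ("/srv/templates_old" starts with "/srv/templates").
    candidate = (base / name).resolve()
    if candidate.parent != base:
        raise UnsafeTemplateName(f"path escapes template directory: {name!r}")
    return candidate


def write_template(base_dir: str, name: str, body: str) -> Path:
    """Create a new template file; never follow a symlink or overwrite an existing file."""
    path = resolve_template_path(base_dir, name)
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o640)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(body)
    return path


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as base:  # constructed sample directory
        print(write_template(base, "weekly_report.html", "<h1>report</h1>"))
        for bad in ("../outside.html", "/tmp/abs.html", "sub/dir.html"):  # constructed inputs
            try:
                resolve_template_path(base, bad)
            except UnsafeTemplateName as exc:
                print(exc)
```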
Upgrade Logpoint to version 7.6.0 or later. This fixes the path traversal vulnerability that allows remote code execution. See the vendor's security advisory for more details about the upgrade.
CVE-2025-54317 is a Path Traversal vulnerability in Logpoint versions 0–7.6.0, allowing attackers with operator privileges to potentially achieve remote code execution by manipulating Layout Template creation.
You are affected if you are running Logpoint versions 0 through 7.6.0. Upgrade to 7.6.0 or later to mitigate the vulnerability.
Upgrade Logpoint to version 7.6.0 or later. Implement stricter access controls and monitor logs for suspicious activity as interim measures.
As of the current disclosure date, there are no confirmed reports of active exploitation, but the vulnerability's potential for RCE warrants immediate attention.
Refer to the official Logpoint security advisory for detailed information and instructions.