Platform: nagios
Component: logpoint
Fixed in: 7.6.0
CVE-2025-54317 describes a Path Traversal vulnerability discovered in Logpoint versions prior to 7.6.0. This flaw allows an attacker with operator privileges to potentially achieve remote code execution (RCE) by manipulating the creation of Layout Templates. Affected versions include those from 0 up to and including 7.6.0. A patch is available in version 7.6.0.
The impact of CVE-2025-54317 is severe due to the potential for remote code execution. An attacker exploiting this vulnerability could gain complete control over the Logpoint system, allowing them to steal sensitive data, install malware, or disrupt operations. The requirement of operator privileges limits the initial attack vector, but once gained, the attacker's access is extensive. Successful exploitation could lead to a full system compromise, impacting the confidentiality, integrity, and availability of monitored data and the underlying infrastructure.
CVE-2025-54317 was publicly disclosed on 2025-07-20. Currently, no public proof-of-concept (POC) exploits are known. The EPSS score is pending evaluation. It is not listed on the CISA KEV catalog at the time of writing.
EPSS: 0.24% (47% percentile)
The primary mitigation for CVE-2025-54317 is to upgrade Logpoint to version 7.6.0 or later, which contains the fix. If immediate upgrading is not possible, consider implementing strict access controls to limit the number of users with operator privileges. Review and restrict file system access permissions for the Logpoint user account. Monitor Logpoint logs for suspicious activity related to Layout Template creation. While a WAF cannot directly prevent this path traversal, it can be configured to detect and block requests containing unusual file paths.
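One way to implement the monitoring step above is to screen Layout Template creation events for names that could resolve outside the template directory. This is an added example, not Logpoint code: the event fields (`user`, `action`, `name`), the `layout_template_create` action label and the sample events are constructed assumptions, since the advisory does not document the audit log format.

```python
from urllib.parse import unquote

MAX_DECODE_ROUNDS = 3  # peel off double or triple percent-encoding


def normalize(value: str) -> str:
    """Percent-decode until stable (bounded) and unify path separators."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")


def is_suspicious_name(value: str) -> bool:
    """True if a template name carries path traversal indicators."""
    name = normalize(value)
    if "\x00" in name:            # null byte used to truncate paths
        return True
    if name.startswith("/"):      # absolute path replaces the base directory
        return True
    return ".." in name.split("/")  # parent-directory segment


def flag_events(events):
    """Return template-creation events whose name looks like traversal."""
    return [
        e for e in events
        if e.get("action") == "layout_template_create"  # hypothetical label
        and is_suspicious_name(e.get("name", ""))
    ]


# Constructed sample events (field names are assumptions, not Logpoint's schema).
SAMPLE_EVENTS = [
    {"user": "op1", "action": "layout_template_create", "name": "Monthly Report"},
    {"user": "op2", "action": "layout_template_create", "name": "../../tmp/x"},
    {"user": "op2", "action": "layout_template_create", "name": "%252e%252e%252fconf"},
    {"user": "op3", "action": "layout_template_create", "name": "..\\..\\tmp\\x"},
    {"user": "op1", "action": "layout_template_create", "name": "report..v2"},
    {"user": "op4", "action": "login", "name": "../ignored"},
]

if __name__ == "__main__":
    for event in flag_events(SAMPLE_EVENTS):
        print(f"ALERT user={event['user']} name={event['name']!r}")
```

Names such as `report..v2` are not flagged because `..` only counts when it forms a whole path segment.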
Upgrade Logpoint to version 7.6.0 or later. This fixes the path traversal vulnerability that allows remote code execution. See the vendor's security advisory for more details about the upgrade.
CVE-2025-54317 is a Path Traversal vulnerability in Logpoint versions 0–7.6.0, allowing attackers with operator privileges to potentially achieve remote code execution by manipulating Layout Template creation.
You are affected if you are running Logpoint versions 0 through 7.6.0. Upgrade to 7.6.0 or later to mitigate the vulnerability.
Upgrade Logpoint to version 7.6.0 or later. Implement stricter access controls and monitor logs for suspicious activity as interim measures.
As of the current disclosure date, there are no confirmed reports of active exploitation, but the vulnerability's potential for RCE warrants immediate attention.
Refer to the official Logpoint security advisory for detailed information and instructions: [Replace with actual Logpoint advisory URL when available]