PT-2025-36719 · Apache · Apache Hertzbeat
Springkill +2 · Published 2025-09-09 · Updated 2025-09-17
CVE-2025-24404
CVSS v3.1: 8.8 (High)
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Apache HertzBeat versions prior to 1.7.0
Description
An XML injection Remote Code Execution (RCE) vulnerability exists in Apache HertzBeat in its parsing of HTTP sitemap XML responses. An attacker who has an authenticated account and access can trigger the vulnerability by adding a monitor that parses XML and receives specially crafted content in the response.
Recommendations
Upgrade to version 1.7.0.
Fix
RCE
Affected Products
Apache Hertzbeat