PT-2025-39407 · Unknown · Geyang Ml-Logger
0X1F
Published: 2025-09-25 · Updated: 2025-09-25
CVE-2025-10952
CVSS v4.0: 5.5 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
geyang ml-logger versions prior to acf255bade5be6ad88d90735c8367b28cbe3a743
Description
A security flaw exists in geyang ml-logger. The issue resides in the stream handler function within the ml logger/server.py file of the File Handler component. Manipulation of the key argument can lead to information disclosure. This attack can be initiated remotely and the exploit has been publicly released.
Recommendations
Update geyang ml-logger to a version later than acf255bade5be6ad88d90735c8367b28cbe3a743.
As a temporary workaround, consider restricting access to the stream handler function until a patch is available.
Avoid using the key argument passed to the stream handler function, or sanitize it carefully.
Exploit
Fix
Improper Access Control
Information Disclosure
Related Identifiers
Affected Products
Geyang Ml-Logger