Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2025/VULN588
_____________________________________________________________________

DATE                : 08/09/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache HertzBeat.

=====================================================================
https://lists.apache.org/thread/4ydy3tqbpwmhl79mcj3pxwqz62nggrfd
https://lists.apache.org/thread/3zrr3oo67pxxx7wgzj80kglltfshngn2
_____________________________________________________________________

CVE-2025-24404: Apache HertzBeat (incubating): RCE by parse
http sitemap xml response

Severity: moderate 

Affected versions:

- Apache HertzBeat (incubating) before 1.7.0

Description:

XML Injection RCE by parse http sitemap xml response vulnerability in
Apache HertzBeat.

This issue affects Apache HertzBeat (incubating): before 1.7.0.

Users are recommended to upgrade to version 1.7.0, which fixes the
issue.


Credit:

unam4 (finder)
springkill (finder)
Zoiltin (finder)


References:

https://hertzbeat.apache.org
https://www.cve.org/CVERecord?id=CVE-2025-24404

_____________________________________________________________________

CVE-2025-48208: Apache HertzBeat (incubating): Jmx JNDI injection
vulnerability

Severity: moderate 

Affected versions:

- Apache HertzBeat (incubating) through 1.7.2


Description:

Improper Neutralization of Special Elements used in an LDAP Query
('LDAP Injection') vulnerability in Apache HertzBeat .

This issue affects Apache HertzBeat: through 1.7.2.

Users are recommended to upgrade to version [FIXED_VERSION], which
fixes the issue.


Credit:

F10wers13eiCHeng (finder)
aftersnow (finder)


References:

https://hertzbeat.apache.org
https://www.cve.org/CVERecord?id=CVE-2025-48208


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================