Apache HertzBeat LDAP Injection via LDAP Query (before 1.7.3)
CVE-2025-48208 Published on September 9, 2025
Apache HertzBeat (incubating): Jmx JNDI injection vulnerability
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache HertzBeat .
The attacker needs to have an authenticated account with access, and the attack can only be triggered by crafting custom commands. A successful attack would result in arbitrary script execution.
This issue affects Apache HertzBeat: through 1.7.2.
Users are recommended to upgrade to version [1.7.3], which fixes the issue.
Vulnerability Analysis
CVE-2025-48208 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
What is a LDAP Injection Vulnerability?
The software constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended LDAP query when it is sent to a downstream component.
CVE-2025-48208 has been classified to as a LDAP Injection vulnerability or weakness.
Products Associated with CVE-2025-48208
Want to know whenever a new CVE is published for Apache Hertzbeat? stack.watch will email you.
Affected Versions
Apache Software Foundation Apache HertzBeat (incubating):- Before and including 1.7.2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.