Path Traversal in Layout Templates Allows Remote Code Execution

Kripa Thapa

July 23, 2025 04:33

Advisory ID: LVD-2024-019

CVSSv 3.1 Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

CVSSv 3.1 Base Score: 8.4

Severity: High

CVE: CVE-2025-54317

CWE: CWE-73

Date Published: 2025-07-08

Description:

An attacker with operator privileges can exploit a path traversal vulnerability when creating a Layout Template, which can lead to remote code execution (RCE).

Affected Product:

Logpoint v7.5.0 and earlier.

Solution:

Upgrade to Logpoint v7.6.0 or later.

Comments

Article is closed for comments.

XSS vulnerability in Report Templates using built-in Jinja filter functions
Unauthorized information access due to inadequate access controls
Template injection in Search Template
Redis communication exposed for internal communication
BitDefender

Was this article helpful?

0 out of 0 found this helpful

Important Information

By clicking “I Agree & Download”, you confirm that you have reviewed the prerequisites and key information for Logpoint version 7.8.0. You acknowledge that this version requires firewall port 8443 to be opened in environments where a firewall exists between distributed Logpoint components (for example, between nodes or collectors). Failure to apply the required firewall changes may impact system functionality.
For more details, please review the following article:
https://servicedesk.logpoint.com/hc/en-us/articles/33742792586653-Change-in-LP-LP-Communication-Firewall-Requirement-from-7-8-0

Please ensure that all prerequisite requirements are met before proceeding with this installation or upgrade.

Cancel I Agree & Download

Note: We use cookies that are essential for the smooth functioning of our website.

Comments

Related articles