Security Advisory

CVE-2025-24404

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-09-09 09:30:59

Last updated 2025-11-04 21:09:42

Assigner apache

State PUBLISHED

Description

XML Injection RCE by parse http sitemap xml response vulnerability in Apache HertzBeat. The attacker needs to have an authenticated account with access, and add monitor parsed by xml, returned special content can trigger the XML parsing vulnerability. This issue affects Apache HertzBeat (incubating): before 1.7.0. Users are recommended to upgrade to version 1.7.0, which fixes the issue.

← Browse all CVEs View on cve.org ↗