CVE-2025-24404 · HIGH 8.8 · EPSS p38.0%

CVE-2025-24404

Description

XML injection leading to remote code execution when Apache HertzBeat parses an HTTP sitemap XML response. The attacker needs an authenticated account with permission to add a monitor whose response is parsed as XML; the monitored endpoint, which the attacker chooses, can then return specially crafted content that triggers the XML parsing vulnerability. This issue affects Apache HertzBeat (incubating) before 1.7.0. Users are recommended to upgrade to version 1.7.0, which fixes the issue.
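The description makes two points that matter for review: the XML is parsed server-side, and the host that returns it is the one the attacker registered as the monitor target, so the response body is fully attacker-controlled. The page does not say which parser feature HertzBeat's sitemap code exposed, so the example below (added here; it is not HertzBeat's code and the fix in 1.7.0 may differ) shows the general check a reviewer makes on code of this shape in a Java project: a JAXP DocumentBuilder left at factory defaults beside one hardened against DTD and external-entity processing, both run over a constructed hostile sitemap. HOSTILE_SITEMAP, the class name and the method names are illustrative.

```java
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class SitemapParseDemo {

    // Constructed sample of what an attacker-chosen monitored host could return in place
    // of a real sitemap. The DOCTYPE declares an external entity; a default-configured
    // parser resolves it, and the referenced content lands inside <loc>.
    static final String HOSTILE_SITEMAP =
            "<?xml version=\"1.0\"?>\n"
          + "<!DOCTYPE urlset [ <!ENTITY xxe SYSTEM \"file:///etc/hostname\"> ]>\n"
          + "<urlset xmlns=\"http://www.sitemaps.org/schemas/sitemap/0.9\">\n"
          + "  <url><loc>https://example.com/&xxe;</loc></url>\n"
          + "</urlset>\n";

    // Vulnerable pattern: JAXP factory defaults. The DTD is processed and external
    // general entities are expanded, so the response body can pull in local content.
    static DocumentBuilder insecureBuilder() throws ParserConfigurationException {
        return DocumentBuilderFactory.newInstance().newDocumentBuilder();
    }

    // Hardened pattern: a sitemap never needs a DOCTYPE, so reject it outright, then
    // also turn off entity expansion, external DTD/schema loading and XInclude in case
    // the underlying parser implementation does not honour the first feature.
    static DocumentBuilder hardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }

    // The monitor's job: parse the fetched body (here the constructed string) and
    // collect the <loc> URLs it lists.
    static List<String> extractLocs(DocumentBuilder builder, String body) throws Exception {
        Document doc = builder.parse(new InputSource(new StringReader(body)));
        NodeList locs = doc.getElementsByTagName("loc");
        List<String> out = new ArrayList<>();
        for (int i = 0; i < locs.getLength(); i++) {
            out.add(locs.item(i).getTextContent().trim());
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        try {
            System.out.println("hardened: " + extractLocs(hardenedBuilder(), HOSTILE_SITEMAP));
        } catch (org.xml.sax.SAXParseException e) {
            // Expected path: the parser refuses the document at the DOCTYPE declaration.
            System.out.println("hardened parser rejected the response: " + e.getMessage());
        }
        try {
            // Default parser: the &xxe; reference is resolved against the local filesystem
            // (a harmless file here) and its contents appear in the extracted URL.
            System.out.println("insecure: " + extractLocs(insecureBuilder(), HOSTILE_SITEMAP));
        } catch (Exception e) {
            // On hosts without /etc/hostname the resolution itself fails; either way the
            // parser tried to fetch a resource the application never intended to touch.
            System.out.println("insecure parser attempted entity resolution: " + e);
        }
    }
}
```

The check to carry over to a real code base is the same regardless of the framework wrapper in use: find every parser that is handed a body fetched from a user-supplied URL and confirm that DOCTYPE processing is disabled before it parses anything. Rejecting the DOCTYPE also neutralises entity-expansion denial of service, which the individual entity features alone do not.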

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.49% probability of exploitation · percentile 38.0% · 2026-06-19T12:03:05Z
Published: 2025-09-09
Last modified: 2025-11-04

Underlying weaknesses · 1

CWE-91

References

  1. https://lists.apache.org/thread/4ydy3tqbpwmhl79mcj3pxwqz62nggrfd
  2. http://www.openwall.com/lists/oss-security/2025/09/06/4

Type | Target | Confidence | Tier
Weakness | XML Injection (aka Blind XPath Injection), cwe-91 | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-24343
  2. CVE-2025-48208
  3. CVE-2026-42536
  4. CVE-2025-54466
  5. CVE-2025-25589
  6. CVE-2026-36765
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.