Medium severity4.3NVD Advisory· Published Feb 12, 2025· Updated Apr 15, 2026

CVE-2025-1228

Description

A vulnerability classified as problematic has been found in olajowon Loggrove up to e428fac38cc480f011afcb1d8ce6c2bad378ddd6. Affected is an unknown function of the file /read/?page=1&logfile=LOG_Monitor of the component Logfile Update Handler. The manipulation of the argument path leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Path traversal vulnerability in Loggrove's logfile update handler allows remote attackers to read arbitrary files via the path parameter.

Vulnerability

Overview

CVE-2025-1228 describes a path traversal vulnerability in the Loggrove system up to commit e428fac38cc480f011afcb1d8ce6c2bad378ddd6. The flaw resides in an unknown function within the file /read/?page=1&logfile=LOG_Monitor, specifically in the Logfile Update Handler. The path argument is not properly sanitized, enabling directory traversal sequences to be injected [1].

Exploitation

An attacker can exploit this vulnerability remotely by sending a crafted HTTP request to the /read/ endpoint with a manipulated logfile parameter containing path traversal sequences (e.g., ../). No authentication is required, as the attack is launched over the network without any prior credentials [1]. The exploit has been publicly disclosed, increasing the risk of active exploitation.

Impact

Successful exploitation allows an attacker to read arbitrary files on the server, including configuration files, source code, or sensitive system files. This leads to information disclosure, which could further aid in escalating attacks or compromising the system's confidentiality [1].

Mitigation

The vendor employs a continuous delivery model with rolling releases, so no specific patched version is available. Users are advised to monitor the official repository for updates and implement input validation or access controls on the /read/ endpoint as a temporary workaround [1].

References

The Loggrove system has an arbitrary file reading vulnerability. · Issue #IBJSXS · ZHOU旺/loggrove - Gitee

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

gitee.com/olajowon/loggrove/issues/IBJSXSnvd
vuldb.comnvd
vuldb.comnvd

News mentions

No linked articles in our index yet.

cvss	0.280
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000