Unrated severityNVD Advisory· Published Sep 9, 2025· Updated Nov 4, 2025

Apache HertzBeat (incubating): Jmx JNDI injection vulnerability

CVE-2025-48208

Description

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache HertzBeat .

The attacker needs to have an authenticated account with access, and the attack can only be triggered by crafting custom commands. A successful attack would result in arbitrary script execution.

This issue affects Apache HertzBeat: through 1.7.2.

Users are recommended to upgrade to version [1.7.3], which fixes the issue.

Affected products

Apache/HertzBeatllm-fuzzy
Range: <=1.7.2
Apache Software Foundation/Apache HertzBeat (incubating)v5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.apache.org/thread/3zrr3oo67pxxx7wgzj80kglltfshngn2mitrevendor-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000