CVE-2025-24404

Description

XML Injection RCE by parse http sitemap xml response vulnerability in Apache HertzBeat. The attacker needs to have an authenticated account with access, and add monitor parsed by xml, returned special content can trigger the XML parsing vulnerability. This issue affects Apache HertzBeat (incubating): before 1.7.0. Users are recommended to upgrade to version 1.7.0, which fixes the issue.

CVSS v3.1 Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness Type (CWE)

CWE-91 CWE-91

Affected Products

Vendor	Product	Versions
apache	hertzbeat	< 1.7.0

References

Advisories & Patches

https://lists.apache.org/thread/4ydy3tqbpwmhl79mcj3pxwqz62nggrfd

Other References

http://www.openwall.com/lists/oss-security/2025/09/06/4

Frequently Asked Questions

What is CVE-2025-24404? +

XML Injection RCE by parse http sitemap xml response vulnerability in Apache HertzBeat. The attacker needs to have an authenticated account with access, and add monitor parsed by xml, returned special content can trigger the XML parsing vulnerability. This issue affects Apache HertzBeat (incubating): before 1.7.0. Users are recommended to upgrade to version 1.7.0, which fixes the issue. It has a CVSS v3.1 base score of 8.8 (HIGH).

How severe is CVE-2025-24404? +

CVE-2025-24404 has a CVSS v3.1 score of 8.8 out of 10, rated HIGH. This is a high-severity vulnerability that should be prioritized for patching.

What products are affected by CVE-2025-24404? +

CVE-2025-24404 affects products from apache, specifically: hertzbeat. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2025-24404? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2026-41674

xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to …

CVE-2025-9375

XML Injection vulnerability in xmltodict allows Input Data Manipulation. This issue affects xmltodict: from 0.14.2 before 0.15.1. NOTE: the scope …

CVE-2026-41675

xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to …

CVE-2026-41672

xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to …

CVE-2024-51136 9.8

An XML External Entity (XXE) vulnerability in Dmoz2CSV in openimaj v1.3.10 allows attackers to access sensitive information or execute arbitrary …

CVE-2026-40165 8.7

authentik is an open-source identity provider. Versions 2025.12.4 and prior, and versions 2026.2.0-rc1 through 2026.2.2 were vulnerable to Authentication Bypass …

Description

CVSS v3.1 Score

Weakness Type (CWE)

Affected Products

References

Advisories & Patches

Other References

Frequently Asked Questions

Related Vulnerabilities

Don't wait for an exploit