CVE-2025-66359
Logpoint · Logpoint Multiple Products
Executive summary
A high-severity vulnerability, identified as CVE-2025-66359, has been discovered in multiple Logpoint products. This flaw could allow an attacker to compromise the Logpoint system, potentially leading to unauthorized access to sensitive log data, evasion of security monitoring, and further attacks within the network. Organizations are urged to apply the vendor-provided security updates immediately to mitigate this risk.
Vulnerability
This vulnerability allows a remote, unauthenticated attacker to execute arbitrary code on the underlying server. The flaw exists within a component of the web interface that fails to properly sanitize user-supplied input. By sending a specially crafted request to a specific endpoint, an attacker can inject and execute system commands with the privileges of the Logpoint application, leading to a complete compromise of the appliance.
Business impact
This vulnerability is rated as High severity with a CVSS score of 8.5. Successful exploitation poses a critical risk to the organization's security posture. As Logpoint is a central component for security information and event management (SIEM), its compromise could allow an attacker to access, modify, or delete sensitive security logs, effectively covering their tracks and blinding the security team. Furthermore, an attacker could use the compromised Logpoint server as a pivot point to launch further attacks against other critical systems within the internal network, potentially leading to a widespread data breach, operational disruption, and significant reputational damage.
Remediation
Immediate Action:
- Apply the security updates provided by Logpoint to upgrade all affected systems to version 7.0.0 or later, following the vendor's official guidance.
- After patching, review access and application logs on the Logpoint server for any unusual or suspicious activity that may indicate a past or ongoing exploitation attempt.
Proactive Monitoring:
- Monitor web server access logs on Logpoint appliances for anomalous requests, particularly those containing special characters or command syntax directed at web interface endpoints.
- Implement network monitoring to detect unexpected outbound connections originating from the Logpoint server.
- Monitor for the creation of new user accounts or unexpected processes running on the Logpoint system.
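To make the first of these monitoring steps concrete, the following is an added Python example (not from the advisory or from Logpoint) that scans access-log lines in the common combined format and flags request parameters whose decoded value carries shell metacharacters or command-substitution syntax. The log lines, client addresses and the `/api/example` path are constructed placeholders, since the advisory does not name the affected endpoint.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed sample lines in combined log format; addresses and paths are placeholders.
SAMPLE_LOG = """\
203.0.113.10 - - [01/Jan/2025:10:00:01 +0000] "GET /dashboard?view=alerts HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.11 - - [01/Jan/2025:10:00:02 +0000] "GET /api/search?q=host%3Dweb01 HTTP/1.1" 200 2048 "-" "curl/8.0"
198.51.100.7 - - [01/Jan/2025:10:00:03 +0000] "POST /api/example?name=x%3Bcat%20%2Fetc%2Fpasswd HTTP/1.1" 500 0 "-" "python-requests/2.31"
198.51.100.7 - - [01/Jan/2025:10:00:04 +0000] "GET /api/example?name=%24%28id%29 HTTP/1.1" 200 30 "-" "python-requests/2.31"
"""

# Fields of a combined-format line up to the status code; the remainder is ignored.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Shell separators and command-substitution syntax that a web parameter value should never carry.
SHELL_META = re.compile(r'[;|&`\n\r]|\$\(|\$\{')


def suspicious_params(target):
    """Return the names of query parameters whose decoded value contains shell syntax."""
    hits = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        decoded = unquote_plus(value)  # parse_qsl decoded once; a second pass catches double encoding
        if SHELL_META.search(decoded):
            hits.append(name)
    return hits


def scan_access_log(text):
    """Return one finding per request whose parameters carry shell syntax."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        params = suspicious_params(m.group("target"))
        if params:
            findings.append({"ip": m.group("ip"), "ts": m.group("ts"),
                             "path": urlsplit(m.group("target")).path,
                             "params": params, "status": int(m.group("status"))})
    return findings


def sources_by_count(findings):
    """Rank source addresses by number of flagged requests, to surface repeated probing."""
    return Counter(f["ip"] for f in findings).most_common()


if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f)
    print(sources_by_count(scan_access_log(SAMPLE_LOG)))
```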
Compensating Controls:
- If immediate patching is not feasible, restrict network access to the Logpoint management interface to a dedicated and trusted administrative network or specific IP addresses.
- Deploy a Web Application Firewall (WAF) with rules designed to inspect and block malicious requests attempting to exploit command injection vulnerabilities.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the high CVSS score of 8.5 and the critical role Logpoint plays in security monitoring, this vulnerability represents a significant threat. Although it is not currently listed on the CISA KEV catalog, its severity makes it a prime candidate for future inclusion and widespread exploitation. We strongly recommend that organizations prioritize the immediate patching of all affected Logpoint systems. If patching is delayed, implement the suggested compensating controls without delay to reduce the attack surface.