CVE-2025-1044
Published: 11 February 2025
Description
Logsign Unified SecOps Platform Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 443 by default. The issue results from the lack of proper implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-25336.
Security Summary
CVE-2025-1044 is an authentication bypass vulnerability in the Logsign Unified SecOps Platform. The issue affects the web service component, which listens on TCP port 443 by default, due to a lack of proper implementation of the authentication algorithm. This flaw, tracked as ZDI-CAN-25336 and associated with CWE-287, enables remote attackers to bypass authentication without requiring valid credentials.
Remote attackers with network access can exploit this vulnerability without prior authentication or privileges, as indicated by the CVSS v3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, yielding a base score of 9.8. Successful exploitation allows attackers to gain unauthorized access to the system, potentially compromising confidentiality, integrity, and availability with high impact.
Advisories recommend updating to Logsign Unified SecOps Platform version 6.4.32, as detailed in the release notes at https://support.logsign.net/hc/en-us/articles/22076844908946-18-10-2024-Version-6-4-32-Release-Notes. Additional technical details and exploitation information are provided in the Zero Day Initiative advisory ZDI-25-085 at https://www.zerodayinitiative.com/advisories/ZDI-25-085/.
Details
- CWE(s)