CVE-2025-26014

CriticalPublic PoC

Published: 21 February 2025

Published

21 February 2025

Modified

13 June 2025

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0193 83.5th percentile

Risk Priority 21 60% EPSS · 20% KEV · 20% CVSS

Description

A Remote Code Execution (RCE) vulnerability in Loggrove v.1.0 allows a remote attacker to execute arbitrary code via the path parameter.

Security Summary

CVE-2025-26014, published on 2025-02-21, is a remote code execution (RCE) vulnerability in Loggrove version 1.0. The flaw allows a remote attacker to execute arbitrary code by exploiting the path parameter. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is linked to CWE-94 (code injection).

The vulnerability enables exploitation over the network with low complexity, requiring no authentication, privileges, or user interaction, while maintaining an unchanged impact scope. A remote attacker can achieve high-impact compromise, including unauthorized access to confidential data, modification of system integrity, and disruption of availability through arbitrary code execution on the affected Loggrove instance.

Mitigation details and further information are referenced in the project's repositories on Gitee (https://gitee.com/olajowon/loggrove/ and https://gitee.com/olajowon/loggrove/issues/IBJT1K) and GitHub (https://github.com/olajowon/loggrove/).

Details

CWE(s): CWE-94

Affected Products

olajowon

loggrove

1.0

References

https://gitee.com/olajowon/loggrove/
Product · cve@mitre.org
https://gitee.com/olajowon/loggrove/issues/IBJT1K
Exploit, Issue Tracking, Vendor Advisory · cve@mitre.org
https://github.com/olajowon/loggrove/
Product · cve@mitre.org