CVE-2025-10952
📋 TL;DR
This vulnerability in geyang ml-logger allows remote attackers to perform information disclosure by manipulating the 'key' argument in the stream_handler function. The flaw enables unauthorized access to sensitive data through the file handler component. Anyone using affected versions of ml-logger with the vulnerable component exposed is at risk.
💻 Affected Systems
- geyang ml-logger
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete exposure of sensitive logging data including credentials, configuration secrets, and application data to remote attackers.
Likely Case
Partial information disclosure of logged data, potentially exposing system information or application details.
If Mitigated
Limited impact with proper network segmentation and access controls preventing external exploitation.
🎯 Exploit Status
Exploit details are publicly available in GitHub issue #74; remote exploitation is confirmed possible.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Commit after acf255bade5be6ad88d90735c8367b28cbe3a743
Vendor Advisory: https://github.com/geyang/ml-logger/issues/74
Restart Required: No
Instructions:
1. Update ml-logger to latest commit after acf255bade5be6ad88d90735c8367b28cbe3a743. 2. Verify the stream_handler function has proper input validation. 3. Test logging functionality remains operational.
🔧 Temporary Workarounds
Disable vulnerable component
allDisable or restrict access to the File Handler's stream_handler function if not required.
Network access controls
allImplement firewall rules to restrict access to ml-logger service to trusted networks only.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate ml-logger instances
- Monitor for unusual access patterns to the stream_handler endpoint
🔍 How to Verify
Check if Vulnerable:
Check if ml-logger version is at or before commit acf255bade5be6ad88d90735c8367b28cbe3a743 and if stream_handler is accessible.Check Version:
Check git commit hash or package version in your ml-logger installationVerify Fix Applied:
Verify ml-logger is updated to a commit after acf255bade5be6ad88d90735c8367b28cbe3a743 and test that key manipulation no longer causes information disclosure.📡 Detection & Monitoring
Log Indicators:
- Unusual access patterns to stream_handler
- Requests with manipulated 'key' parameters
- Unexpected data retrieval from logging endpoints
Network Indicators:
- External connections to ml-logger service ports
- Unusual traffic patterns to logging endpoints
SIEM Query:
source="ml-logger" AND (uri="*stream_handler*" OR param="key")