CVE-2025-66359

8.5 HIGH

📋 TL;DR

This cross-site scripting (XSS) vulnerability in Logpoint allows attackers to inject malicious scripts into web pages viewed by other users. It affects all Logpoint deployments running versions before 7.7.0. The vulnerability stems from insufficient input validation and output escaping in multiple components.

💻 Affected Systems

Products:
  • Logpoint SIEM/Security Analytics Platform
Versions: All versions before 7.7.0
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Affects web interface components; no special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal administrator credentials, hijack user sessions, deface the interface, or redirect users to malicious sites, potentially leading to full system compromise.

🟠 Likely Case

Attackers inject malicious JavaScript to steal session cookies or credentials from authenticated users, enabling unauthorized access to the Logpoint system.

🟢 If Mitigated

With proper web application firewalls and input sanitization, the risk is reduced to minimal impact, though the vulnerability still exists.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

XSS vulnerabilities typically have low exploitation complexity once the injection points are identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.7.0

Vendor Advisory: https://servicedesk.logpoint.com/hc/en-us/articles/29158899698333-XSS-Vulnerability-due-to-insufficient-input-validation

Restart Required: Yes

Instructions:

1. Back up current configuration and data.
2. Download Logpoint 7.7.0 from official sources.
3. Follow Logpoint upgrade documentation for your deployment type.
4. Verify the upgrade completed successfully.

🔧 Temporary Workarounds

Web Application Firewall (WAF)

all

Deploy a WAF with XSS protection rules to block malicious payloads.

Input Validation Rules

all

Implement additional input validation at network perimeter or reverse proxy.

🧯 If You Can't Patch

  • Restrict access to Logpoint web interface to trusted networks only
  • Implement strict Content Security Policy (CSP) headers

🔍 How to Verify

Check if Vulnerable:

Check the Logpoint version via the web interface or the command line; if the version is below 7.7.0, the system is vulnerable.

Check Version:

Check the web interface dashboard or run 'lpctl version' on the Logpoint server.

Verify Fix Applied:

After upgrading, verify that the version is 7.7.0 or higher and confirm that XSS test payloads no longer execute.

📡 Detection & Monitoring

Log Indicators:

  • Unusual JavaScript payloads in web request logs
  • Multiple failed XSS attempts

Network Indicators:

  • HTTP requests containing script tags or JavaScript payloads to Logpoint endpoints

SIEM Query:

(web_request contains "<script>" OR web_request contains "javascript:") AND destination="logpoint-server"
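The same detection logic as an added Python example (not Logpoint's code and not part of the original advisory), run over constructed proxy log lines. It goes beyond the literal query by percent-decoding and matching case-insensitively, since a plain "contains" check misses encoded or mixed-case requests; the log format, host name and paths are assumptions.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Assumed log format (constructed): "<src_ip> <dest_host> <method> <raw_uri> <status>"
LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) (\d{3})$')
# The two indicators from the SIEM query, matched case-insensitively.
INDICATOR_RE = re.compile(r'<\s*script\b|javascript\s*:', re.IGNORECASE)

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so single- and double-encoded input normalises."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_xss_indicators(lines, logpoint_host):
    """Return (hits, per_source_counts) for requests sent to logpoint_host."""
    hits, per_source = [], Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        src, dest, _method, uri, status = m.groups()
        # (indicator A OR indicator B) AND destination, grouped explicitly
        if dest == logpoint_host and INDICATOR_RE.search(fully_decode(uri)):
            hits.append((src, uri, int(status)))
            per_source[src] += 1
    return hits, per_source

# Constructed sample log lines; host name and paths are placeholders.
SAMPLE = [
    "10.0.0.5 logpoint-server GET /search?q=failed+login 200",
    "10.0.0.9 logpoint-server GET /search?q=%3CScRiPt%3Ex%3C/script%3E 200",
    "10.0.0.9 logpoint-server GET /view?next=%256Aavascript%253Ax 403",
    "10.0.0.9 other-host GET /page?q=<script>x</script> 200",
]

if __name__ == "__main__":
    hits, per_source = find_xss_indicators(SAMPLE, "logpoint-server")
    for src, uri, status in hits:
        print(f"{src} status={status} uri={uri}")
    # Sources with repeated attempts (the "multiple attempts" log indicator)
    print("repeat sources:", [s for s, n in per_source.items() if n >= 2])
```

The per-source counter covers the "multiple attempts" log indicator: a source that keeps appearing in the hits is worth triaging ahead of a single stray match.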
