CVE-2025-66360
📋 TL;DR
Logpoint versions before 7.7.0 have an access control misconfiguration that allows li-admin users to access sensitive Redis service information. This exposure can enable privilege escalation attacks. Only Logpoint deployments with li-admin users are affected.
💻 Affected Systems
- Logpoint
📦 What is this software?
SIEM by Logpoint
⚠️ Risk & Real-World Impact
Worst Case
Attackers with li-admin access could exploit Redis access to gain full administrative control over the Logpoint system, potentially compromising all monitored data and system integrity.
Likely Case
Malicious insiders or compromised li-admin accounts could escalate privileges to gain unauthorized access to sensitive system data and configurations.
If Mitigated
With proper access controls and monitoring, impact is limited to authorized li-admin users who would not abuse their privileges.
🎯 Exploit Status
Exploitation requires li-admin user credentials. The vulnerability involves accessing exposed Redis service information that should be restricted.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 7.7.0
Vendor Advisory: https://servicedesk.logpoint.com/hc/en-us/articles/29160917867549-Redis-communication-exposed-for-internal-communication
Restart Required: Yes
Instructions:
1. Backup Logpoint configuration and data.
2. Upgrade to Logpoint version 7.7.0 or later.
3. Restart Logpoint services.
4. Verify the upgrade completed successfully.
🔧 Temporary Workarounds
Restrict li-admin access
Temporarily remove or restrict li-admin user accounts until patching can be completed.
# Review and modify li-admin user accounts in Logpoint administration panel
# Consider implementing temporary access controls for li-admin users
Network segmentation
Implement network controls to restrict access to Redis service ports from unauthorized users.
# Example firewall rules to restrict Redis port access.
# Replace trusted_ips with the address or CIDR range that legitimately needs Redis;
# the ACCEPT rule must be appended before the DROP rule, since iptables matches in order.
iptables -A INPUT -p tcp --dport 6379 -s trusted_ips -j ACCEPT
iptables -A INPUT -p tcp --dport 6379 -j DROP
🧯 If You Can't Patch
- Implement strict access controls and monitoring for all li-admin user accounts
- Segment network access to Redis service and implement additional authentication layers
🔍 How to Verify
Check if Vulnerable:
Check Logpoint version: If version is below 7.7.0 and li-admin users exist, the system is vulnerable.
Check Version:
logpoint-cli version
Verify Fix Applied:
After upgrading to 7.7.0 or later, verify that li-admin users cannot access Redis service information through Logpoint interfaces.
📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to Redis service
- Unusual li-admin user activity patterns
- Privilege escalation attempts in Logpoint audit logs
Network Indicators:
- Unexpected connections to Redis port (default 6379) from li-admin user workstations
- Redis protocol traffic from unauthorized sources
SIEM Query:
source="logpoint" (user="*li-admin*" AND (resource="redis" OR port=6379))
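The SIEM query above, applied offline to constructed key=value audit lines so the match logic can be checked before it is deployed. This is example code added to this page, not Logpoint tooling; the log line format and field names are assumptions.

```python
"""Offline check mirroring the SIEM query
source="logpoint" (user="*li-admin*" AND (resource="redis" OR port=6379))
over constructed Logpoint-style key=value audit lines (assumed format)."""
import re
from typing import Dict, List

# Constructed sample audit lines, not captured from a real deployment.
SAMPLE_LOGS = [
    'ts=2025-01-10T09:12:01Z source="logpoint" user="li-admin" resource="redis" action="read" port=6379',
    'ts=2025-01-10T09:12:05Z source="logpoint" user="alice" resource="redis" action="read" port=6379',
    'ts=2025-01-10T09:13:00Z source="logpoint" user="li-admin" resource="search" action="query"',
    'ts=2025-01-10T09:14:30Z source="logpoint" user="svc-li-admin2" resource="config" port=6379',
    'ts=2025-01-10T09:15:00Z source="syslog" user="li-admin" resource="redis"',
]

# key=value pairs; values are either double-quoted (may contain spaces) or bare tokens.
_KV = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_line(line: str) -> Dict[str, str]:
    """Parse one audit line into a field dictionary (quotes stripped)."""
    return {
        m.group(1): m.group(3) if m.group(3) is not None else m.group(4)
        for m in _KV.finditer(line)
    }


def matches_query(event: Dict[str, str]) -> bool:
    """True when the event satisfies the SIEM query's conditions."""
    if event.get("source") != "logpoint":
        return False
    # user="*li-admin*" is a wildcard match, so substring semantics.
    if "li-admin" not in event.get("user", ""):
        return False
    return event.get("resource") == "redis" or event.get("port") == "6379"


def find_suspicious(lines: List[str]) -> List[Dict[str, str]]:
    """Return the parsed events that the query would alert on."""
    return [ev for ev in map(parse_line, lines) if matches_query(ev)]


if __name__ == "__main__":
    for ev in find_suspicious(SAMPLE_LOGS):
        print(f"{ev['ts']} user={ev['user']} resource={ev.get('resource')} port={ev.get('port')}")
```

Note that the wildcard on user also catches service accounts whose names merely contain li-admin, so tune the pattern to your naming scheme before relying on it.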