CVE-2025-66361
📋 TL;DR
Logpoint versions before 7.7.0 expose sensitive information in system processes during high CPU load conditions. This affects all Logpoint deployments running vulnerable versions, potentially exposing credentials, configuration data, or other sensitive information to local users or attackers who gain access to process listings.
💻 Affected Systems
- Logpoint
📦 What is this software?
SIEM by Logpoint
⚠️ Risk & Real-World Impact
Worst Case
Attackers with local access could extract credentials, API keys, or other sensitive data from process memory, leading to complete system compromise, lateral movement, or data exfiltration.
Likely Case
Local users or attackers who gain initial access can view sensitive information in process listings during high load periods, potentially obtaining credentials for further exploitation.
If Mitigated
With proper access controls and monitoring, impact is limited to authorized users who already have system access, though sensitive data exposure remains a concern.
🎯 Exploit Status
Exploitation requires local system access and occurs during specific high-load conditions.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 7.7.0
Vendor Advisory: https://servicedesk.logpoint.com/hc/en-us/articles/29160993806749-Process-Data-Exposure-Under-High-Load
Restart Required: Yes
Instructions:
1. Back up the current configuration.
2. Upgrade to Logpoint 7.7.0 or later.
3. Restart Logpoint services.
4. Verify that the upgrade completed successfully.
🔧 Temporary Workarounds
Monitor and Limit CPU Load
Linux: Implement monitoring to detect high CPU load conditions and take action to reduce load before sensitive data exposure occurs.
# Monitor CPU load continuously
while true; do uptime; sleep 5; done
Restrict Process Access
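Linux: Limit access to process information using permissions and access controls to prevent unauthorized viewing.
# chmod has no effect on procfs entries; instead, remount /proc so that
# users can only see their own processes
mount -o remount,hidepid=2 /proc
# To persist across reboots, add hidepid=2 to the /proc entry in /etc/fstab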
🧯 If You Can't Patch
- Implement strict access controls to limit who can view system processes and monitor for unauthorized access attempts.
- Deploy additional monitoring for high CPU load conditions and implement automated responses to reduce load when thresholds are exceeded.
🔍 How to Verify
Check if Vulnerable:
Check Logpoint version: if version is below 7.7.0, system is vulnerable. Monitor for sensitive data in process listings during high CPU load.
Check Version:
logpoint-version-check or check Logpoint web interface for version information
Verify Fix Applied:
Verify Logpoint version is 7.7.0 or higher and test that sensitive information is no longer exposed in process listings during simulated high load.
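An added example (not from the vendor advisory or from Logpoint) of the check described above: while the 1-minute load exceeds the CPU count, it reports processes whose command lines carry secret-looking argument names, printing only the PID, program name and matched key names, never the values. The key-name pattern, the load threshold and the `proc-secret-audit` log tag are assumptions.

```shell
#!/bin/sh
# Added example, not Logpoint code. The key names below are assumptions.
SECRET_KEYS='passw(or)?d|secret|token|api[_-]?key'

# load_is_high FILE NCPU: succeed when the 1-minute load in FILE exceeds NCPU.
load_is_high() {
    awk -v n="$2" 'BEGIN { r = 1 } NR == 1 { r = !($1 + 0 > n + 0) } END { exit r }' "$1"
}

# scan_cmdlines [PROC_ROOT]: print "pid<TAB>argv0<TAB>matched,key,names" for
# every readable process whose arguments contain a secret-looking key name.
# Argument values are never printed, so the audit log holds no secrets.
scan_cmdlines() {
    root="${1:-/proc}"
    for f in "$root"/[0-9]*/cmdline; do
        [ -r "$f" ] || continue                 # process exited or not readable
        pid=${f%/cmdline}; pid=${pid##*/}
        # cmdline is NUL-separated; put one argument per line
        args=$(tr '\0' '\n' 2>/dev/null < "$f") || continue
        keys=$(printf '%s\n' "$args" | grep -Eio -- "$SECRET_KEYS" |
               tr 'A-Z' 'a-z' | sort -u | tr '\n' ',')
        [ -n "$keys" ] || continue              # nothing secret-looking
        argv0=$(printf '%s\n' "$args" | head -n 1)
        printf '%s\t%s\t%s\n' "$pid" "$argv0" "${keys%,}"
    done
    return 0
}

# Stand-alone use: sh audit.sh --watch
if [ "${1:-}" = "--watch" ]; then
    ncpu=$(getconf _NPROCESSORS_ONLN)
    while sleep 5; do
        if load_is_high /proc/loadavg "$ncpu"; then
            scan_cmdlines /proc | logger -t proc-secret-audit
        fi
    done
fi
```

Run it as root before and after the upgrade; an unprivileged run only sees what that user is allowed to read in /proc.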
📡 Detection & Monitoring
Log Indicators:
- Unauthorized access to /proc filesystem
- Multiple process listing commands from unusual users
- High CPU load alerts
Network Indicators:
- N/A - Local exploitation only
SIEM Query:
source="system_logs" AND (process_access="/proc/*" OR command="ps" OR command="top") AND user!="authorized_users"