CNNVD-202510-1057 Information

CNNVD ID

CNNVD-202510-1057

Related CVE

CVE-2025-57564

• CNNVD Published: 2025-10-07

Description (Chinese)

CubeAPM是CubeAPM公司的一个代码开发工具。 CubeAPM nightly-2025-08-01-1版本存在安全漏洞，该漏洞源于未经验证的攻击者可通过/api/logs/insert/elasticsearch/_bulk端点注入任意日志条目，可能导致日志投毒和性能下降。

Description (English)

CubeAPM is a code development tool for CubeAPM. The CubeAPM nightly-2025-08-01-1 version has a security loophole, which stems from the fact that uncertified assailants can inject any log entry through /api/logs/insert/elisticsearch/ bulk endpoints, which may lead to the poisoning and decline of the log.

Hazard Level

High

Vulnerability Type

其他

Published

2025-10-07

Last Modified

2026-02-24

References

https://github.com/prassan10/CubeAPM/blob/main/CVE-2025-57564%3A%20Unauthenticated%20Log%20Injection%20in%20CubeAPM https://github.com/prassan10/CubeAPM/blob/main/Unauthenticated-Log_Injection https://access.redhat.com/security/cve/cve-2025-57564