CRITICAL🇵🇱 Wersja polska

CVE-2025-26014

CVSS 9.8v3.1pub. 2025-02-21upd. 2025-06-13

A Remote Code Execution (RCE) vulnerability in Loggrove v.1.0 allows a remote attacker to execute arbitrary code via the path parameter.

🤖 AI Analysis
How it works

The vulnerability results from insufficient validation of the path parameter passed to the application, which corresponds to the CWE-94 category (code injection). An attacker can craft an appropriate network request by injecting malicious code through this parameter. The lack of authentication and low attack complexity make it possible for any person with network access to the service to execute the exploit.

Impact

Successful exploitation of this vulnerability allows an attacker to execute arbitrary code in the context of the application process, which may lead to complete server takeover, data theft, backdoor installation, or further lateral movement in the network.

Mitigation & patch

Apply patches available from the vendor according to references. It is recommended to monitor the vendor's repositories (Gitee/GitHub) at https://gitee.com/olajowon/loggrove/ for information about available updates. Until the patch is implemented, consider restricting access to the service only to trusted IP addresses using a firewall.

Who is affected

Loggrove v.1.0 (vendor: Olajowon)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Olajowon Loggrove

    APP
    Olajowon
    1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2025-26013HIGH8.2ten sam produkt

An issue in Loggrove v.1.0 allows a remote attacker to obtain sensitive information via the read.py component.

CVE-2025-26047MEDIUM5.1ten sam produkt

Loggrove v1.0 is vulnerable to SQL Injection in the read.py file.