Cyber Security News

Logsign Vulnerability Allows Remote Attackers to Bypass Authentication

A critical security vulnerability has been identified and disclosed in the Logsign Unified SecOps Platform, allowing remote attackers to bypass authentication mechanisms.

The vulnerability tracked as CVE-2025-1044, has been assigned a CVSS score of 9.8, placing it in the “Critical” severity category.

Vulnerability Details

This security flaw resides within Logsign’s Unified SecOps Platform, a tool widely used for security orchestration and automation.

The issue stems from improper implementation of the authentication algorithm in its web service, which listens on TCP port 443 by default. Exploiting this weakness, attackers can bypass authentication without requiring valid credentials.

The flaw has the potential to grant attackers unauthorized access to sensitive data and allow them to perform malicious actions with a high impact on the confidentiality, integrity, and availability of the targeted system.

Notably, no user interaction or special privileges are required to exploit this vulnerability, making it particularly dangerous.

Researchers Abdessamad Lahlali and Smile Thanapattheerakul from Trend Micro’s Zero Day Initiative (ZDI) discovered and reported this vulnerability under ZDI-25-085 (ZDI-CAN-25336). The sequence of events is as follows:

  • 2024-09-26: Vulnerability reported to Logsign.
  • 2025-02-05: Coordinated public release of the advisory.
  • 2025-02-05: Advisory updated with more details.

Logsign has acknowledged the security issue and issued a patch in their Unified SecOps Platform, as detailed in the Version 6.4.32 release notes.

Users and organizations using Logsign are strongly urged to apply this update immediately to mitigate potential exploitation risks. For detailed instructions, refer to the Logsign support page: Version 6.4.32 Release Notes.

Given the critical nature of this flaw, organizations relying on the Logsign Unified SecOps Platform are at high risk if they fail to update their systems.

Exploitation could lead to a full compromise of the platform, exposing sensitive information and allowing attackers to manipulate or disrupt security operations.

  1. Immediately update to the latest version (6.4.32 or later).
  2. Review access logs to identify any suspicious activity.
  3. Enhance network monitoring for signs of unauthorized access.

This incident underscores the importance of timely vulnerability management and patch applications to safeguard critical systems.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

New Phishing Attack Poses as Zoom Meeting Invites to Steal Login Credentials

A newly identified phishing campaign is targeting unsuspecting users by masquerading as urgent Zoom meeting…

9 hours ago

New Hannibal Stealer Uses Stealth and Obfuscation to Evade Detection

A newly identified piece of malware, dubbed the "Hannibal Stealer," has emerged as a significant…

9 hours ago

Chinese APT Hackers Target Organizations Using Korplug Loaders and Malicious USB Drives

Advanced persistent threat (APT) groups with ties to China have become persistent players in the…

9 hours ago

Cache Timing Techniques Used to Bypass Windows 11 KASLR and Reveal Kernel Base

Cache timing side-channel attacks have been used to circumvent Kernel Address Space Layout Randomization (KASLR)…

9 hours ago

Hackers Exploit AutoIT Scripts to Deploy Malware Targeting Windows Systems

Cybersecurity researchers have unearthed a sophisticated attack leveraging AutoIT, a long-standing scripting language known for…

11 hours ago

New Report Finds 67% of Organizations Experienced Cyber Attacks in the Last Year

A disturbing 67% of businesses in eight worldwide markets—the US, UK, Spain, the Netherlands, Germany,…

12 hours ago