Logsign Vulnerability Allows Remote Attackers to Bypass Authentication

A critical security vulnerability has been identified and disclosed in the Logsign Unified SecOps Platform, allowing remote attackers to bypass authentication mechanisms.

The vulnerability tracked as CVE-2025-1044, has been assigned a CVSS score of 9.8, placing it in the “Critical” severity category.

Vulnerability Details

This security flaw resides within Logsign’s Unified SecOps Platform, a tool widely used for security orchestration and automation.

The issue stems from improper implementation of the authentication algorithm in its web service, which listens on TCP port 443 by default. Exploiting this weakness, attackers can bypass authentication without requiring valid credentials.

The flaw has the potential to grant attackers unauthorized access to sensitive data and allow them to perform malicious actions with a high impact on the confidentiality, integrity, and availability of the targeted system.

Notably, no user interaction or special privileges are required to exploit this vulnerability, making it particularly dangerous.

Researchers Abdessamad Lahlali and Smile Thanapattheerakul from Trend Micro’s Zero Day Initiative (ZDI) discovered and reported this vulnerability under ZDI-25-085 (ZDI-CAN-25336). The sequence of events is as follows:

• 2024-09-26: Vulnerability reported to Logsign.
• 2025-02-05: Coordinated public release of the advisory.
• 2025-02-05: Advisory updated with more details.

Logsign has acknowledged the security issue and issued a patch in their Unified SecOps Platform, as detailed in the Version 6.4.32 release notes.

Users and organizations using Logsign are strongly urged to apply this update immediately to mitigate potential exploitation risks. For detailed instructions, refer to the Logsign support page: Version 6.4.32 Release Notes.

Given the critical nature of this flaw, organizations relying on the Logsign Unified SecOps Platform are at high risk if they fail to update their systems.

Exploitation could lead to a full compromise of the platform, exposing sensitive information and allowing attackers to manipulate or disrupt security operations.

1. Immediately update to the latest version (6.4.32 or later).
2. Review access logs to identify any suspicious activity.
3. Enhance network monitoring for signs of unauthorized access.

This incident underscores the importance of timely vulnerability management and patch applications to safeguard critical systems.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free