Overview
CVE-2025-66360 describes a vulnerability discovered in Logpoint versions prior to 7.7.0. This issue arises from an improperly configured access control policy, which allows users with li-admin privileges to access sensitive information related to Logpoint’s internal Redis service. This exposure can potentially be exploited to achieve privilege escalation within the Logpoint environment.
Technical Details
The vulnerability stems from insufficient access control restrictions on the Redis service, which Logpoint uses internally for caching and inter-process communication. li-admin users are intended to have administrative access to specific Logpoint functionalities, but should not have access to the raw Redis data. The exposed Redis information provides a potential attack vector. An attacker with this access could:
- Examine cached data for sensitive information, such as credentials or configurations.
- Manipulate Redis data to influence the behavior of Logpoint components.
- Potentially execute arbitrary commands on the Logpoint system.
The root cause is likely a default configuration or a configuration error that grants excessive permissions to the li-admin role regarding the Redis instance.
CVSS Analysis
Currently, a CVSS score for CVE-2025-66360 is not available (N/A). However, given the potential for privilege escalation, it is expected to be categorized as at least a ‘Medium’ severity vulnerability. A full CVSS assessment will depend on the specific exploitability and impact within a given Logpoint deployment. Once the vendor provides more information about exploitability, a CVSS score will be easier to define.
Possible Impact
The impact of CVE-2025-66360 could be significant, potentially allowing an attacker with li-admin privileges to:
- Gain complete control over the Logpoint system.
- Access and exfiltrate sensitive data stored within Logpoint.
- Compromise connected systems and data sources.
- Disrupt Logpoint’s functionality, leading to security monitoring gaps.
Therefore, organizations using affected Logpoint versions should prioritize patching or implementing the recommended mitigations.
Mitigation or Patch Steps
The recommended mitigation is to upgrade Logpoint to version 7.7.0 or later, where the vulnerability has been addressed. Follow these steps:
- Consult the official Logpoint documentation for detailed upgrade instructions.
- Back up your Logpoint configuration and data before initiating the upgrade process.
- Test the upgraded Logpoint instance in a non-production environment before deploying it to production.
- Verify that the li-admin role no longer has access to the Redis service after the upgrade.
If an immediate upgrade is not feasible, consider implementing temporary mitigations, such as restricting network access to the Redis service to only the necessary Logpoint components. Consult Logpoint support for specific guidance on temporary mitigation strategies.
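As an added example (not Logpoint's own tooling or code from the advisory), the following Python check audits a Redis configuration file for the network exposure that the temporary mitigation is meant to remove. It assumes the Redis instance is configured through standard redis.conf directives (`bind`, `port`, `protected-mode`, `requirepass`, `aclfile`); the sample configuration is constructed for illustration, and the finding names are hypothetical labels.

```python
import ipaddress

# Constructed sample, not Logpoint's actual Redis configuration.
SAMPLE_CONF = """\
# constructed redis.conf fragment
bind 0.0.0.0 -::1
port 6379
protected-mode no
"""

def parse_directives(text):
    """Return {directive: [args]} keeping the last occurrence of each directive."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        conf[parts[0].lower()] = parts[1:]
    return conf

def is_loopback(addr):
    addr = addr.lstrip("-")  # a leading '-' means "skip if unavailable"
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # '*' or a hostname: treat as not loopback

def audit_redis_conf(text):
    """Return a sorted list of finding labels (hypothetical names)."""
    conf = parse_directives(text)
    findings = set()
    tcp_enabled = conf.get("port", ["6379"])[0] != "0"  # port 0 disables TCP
    binds = conf.get("bind", ["*"])  # assumed: no bind directive = all interfaces
    exposed = tcp_enabled and not all(is_loopback(a) for a in binds)
    password = "".join(conf.get("requirepass", [])).strip("\"'")
    has_auth = bool(password) or bool(conf.get("aclfile"))
    protected = conf.get("protected-mode", ["yes"])[0].lower() == "yes"
    if exposed:
        findings.add("non-loopback-listener")
    if not has_auth:
        findings.add("no-authentication")
    if exposed and not has_auth and not protected:
        findings.add("unauthenticated-remote-access")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_redis_conf(SAMPLE_CONF):
        print(finding)
```

An empty result means the file binds only to loopback (or disables TCP) and requires authentication; it does not confirm that the li-admin role itself is restricted, which still has to be verified after the upgrade.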
