
CVE-2025-66360: CWE-863 Incorrect Authorization in Logpoint SIEM

Severity: Medium
Tags: Vulnerability, CVE-2025-66360, CWE-863
Published: Thu Nov 27 2025 (11/27/2025, 00:00:00 UTC)
Source: CVE Database V5
Vendor/Project: Logpoint
Product: SIEM

Description

An issue was discovered in Logpoint before 7.7.0. An improperly configured access control policy exposes sensitive Logpoint internal service (Redis) information to li-admin users. This can lead to privilege escalation.

AI-Powered Analysis

AI analysis last updated: 11/27/2025, 23:56:31 UTC

Technical Analysis

CVE-2025-66360 is a security vulnerability identified in Logpoint versions before 7.7.0. The core issue is an improperly configured access control policy that inadvertently exposes sensitive internal service information about Redis, a key-value store used internally by Logpoint. Specifically, li-admin users, who typically hold limited administrative privileges, can read Redis service details that should be restricted to the platform itself. This exposure can be leveraged to escalate privileges beyond the intended scope, potentially allowing attackers or malicious insiders to gain unauthorized control over the Logpoint system.

The vulnerability does not require external network exploitation; it depends on the attacker already holding li-admin level access, which may have been obtained through other means. Because Redis holds internal state for the platform, exposure of its connection details can lead to manipulation of internal data, configuration changes, or unauthorized command execution within the Logpoint environment.

No public exploits have been reported yet, but the risk remains significant because SIEM platforms sit at the center of security event monitoring and management. The absence of a CVSS score indicates this is a newly published vulnerability, with technical details still emerging. The recommended remediation is upgrading to Logpoint version 7.7.0 or later, where the access control policy is corrected. Additionally, organizations should audit and tighten access controls to ensure li-admin users cannot access internal Redis service information. This vulnerability highlights the importance of strict internal service segmentation and least privilege principles within security monitoring platforms.

Potential Impact

For European organizations, the impact of CVE-2025-66360 can be substantial. Logpoint is widely used as a SIEM solution to collect, analyze, and correlate security event data. Unauthorized privilege escalation within Logpoint can compromise the integrity and confidentiality of security logs and alerts, potentially allowing attackers to hide their activities or manipulate security monitoring. This undermines incident detection and response capabilities, increasing the risk of prolonged undetected breaches. Organizations in critical sectors such as finance, energy, telecommunications, and government are particularly vulnerable due to their reliance on SIEM for regulatory compliance and threat detection. The exposure of Redis internal service information could also lead to broader system compromise if attackers leverage escalated privileges to move laterally or disrupt service availability. Given the centralized role of Logpoint in security operations, exploitation could have cascading effects on organizational security posture and data protection obligations under GDPR. The lack of known exploits currently reduces immediate risk, but the vulnerability’s nature demands prompt attention to prevent future attacks.

Mitigation Recommendations

To mitigate CVE-2025-66360, European organizations should:

1) Immediately upgrade Logpoint installations to version 7.7.0 or later, where the access control misconfiguration is resolved.
2) Conduct a thorough audit of access control policies, specifically verifying that li-admin users do not have access to internal Redis service information or other sensitive internal components.
3) Implement strict role-based access control (RBAC) and enforce the principle of least privilege to limit user permissions within Logpoint.
4) Monitor internal access logs for unusual activity by li-admin users or attempts to access Redis or other internal services.
5) Segment internal services such as Redis from user-facing components to reduce exposure risk.
6) Incorporate this vulnerability into incident response plans and conduct tabletop exercises to prepare for potential exploitation scenarios.
7) Engage with Logpoint support or security advisories for any additional patches or configuration guidance.

These steps go beyond generic advice by focusing on internal service segmentation, access policy refinement, and proactive monitoring tailored to the vulnerability's specifics.


Technical Details

Data Version: 5.2
Assigner Short Name: mitre
Date Reserved: 2025-11-27T00:00:00.000Z
CVSS Version: null
State: PUBLISHED

Threat ID: 6928e1a8b0d67dda9e866c5f

Added to database: 11/27/2025, 11:41:28 PM

Last enriched: 11/27/2025, 11:56:31 PM

Last updated: 12/4/2025, 11:23:49 PM

Views: 37
