
CVE-2025-66360: CWE-863 Incorrect Authorization in Logpoint SIEM

Severity: Medium
Type: Vulnerability
Tags: CVE-2025-66360, cve, cwe-863
Published: Thu Nov 27 2025 (11/27/2025, 00:00:00 UTC)
Source: CVE Database V5
Vendor/Project: Logpoint
Product: SIEM

Description

An issue was discovered in Logpoint before 7.7.0. An improperly configured access control policy exposes sensitive Logpoint internal service (Redis) information to li-admin users. This can lead to privilege escalation.

AI-Powered Analysis

Last updated: 12/04/2025, 23:59:41 UTC

Technical Analysis

CVE-2025-66360 is an authorization vulnerability identified in Logpoint's Security Information and Event Management (SIEM) product, affecting versions before 7.7.0. The root cause is an improperly configured access control policy that exposes sensitive internal service information related to Redis, a key-value store used internally by Logpoint. Specifically, users with the li-admin role, which presumably has elevated but not full administrative privileges, can access Redis service data that should be restricted. This exposure can facilitate privilege escalation, allowing attackers to gain higher privileges than intended, potentially compromising the integrity and confidentiality of the SIEM system. The vulnerability is remotely exploitable over the network (AV:N) with low attack complexity (AC:L), but requires privileges at the li-admin level (PR:H) and does not require user interaction (UI:N). The vulnerability impacts the confidentiality and integrity of internal services (VC:H, VI:N), with no impact on availability. The scope is limited to the Logpoint SIEM environment, but given the critical role of SIEMs in security monitoring, exploitation could have significant downstream effects. No known exploits have been reported in the wild, and no official patches have been released at the time of publication. The CVSS 4.0 base score is 6.9, reflecting a medium severity level. The vulnerability is classified under CWE-863 (Incorrect Authorization), highlighting a failure to enforce proper access control policies. Organizations using Logpoint SIEM should be aware of this issue and take immediate steps to mitigate risks while awaiting vendor patches.

Potential Impact

For European organizations, the impact of CVE-2025-66360 can be significant due to the critical role SIEM systems play in detecting and responding to security incidents. Unauthorized access to internal Redis service information could allow attackers with li-admin privileges to escalate their access, potentially gaining full administrative control over the SIEM. This could lead to manipulation or deletion of logs, undermining incident detection and forensic investigations. Confidential security data could be exposed, and attackers might cover their tracks by altering logs. Organizations in sectors with stringent regulatory requirements (e.g., finance, healthcare, energy) could face compliance violations and reputational damage if this vulnerability is exploited. The medium CVSS score indicates a moderate but non-trivial risk, especially in environments where li-admin privileges are widely assigned or poorly controlled. The absence of known exploits reduces immediate risk but does not eliminate the threat, as attackers may develop exploits once the vulnerability is public. European entities relying on Logpoint SIEM for critical infrastructure protection or regulatory compliance should consider this vulnerability a priority for risk management.

Mitigation Recommendations

1. Immediately audit and restrict the assignment of li-admin privileges to the minimum necessary personnel to reduce the attack surface.
2. Implement strict network segmentation to limit access to the Logpoint SIEM and its internal services, including Redis, ensuring only authorized systems and users can communicate with these components.
3. Monitor logs and system behavior for unusual access patterns or privilege escalation attempts related to li-admin accounts.
4. Engage with Logpoint support or vendor channels to obtain information on planned patches or workarounds and apply updates promptly once available.
5. Consider deploying additional access control mechanisms such as multi-factor authentication (MFA) for privileged roles to mitigate risk from compromised credentials.
6. Review and harden internal access control policies within the SIEM environment to ensure no excessive permissions are granted inadvertently.
7. Conduct regular security assessments and penetration tests focusing on privilege escalation vectors within the SIEM infrastructure.
8. Maintain an incident response plan that includes scenarios involving SIEM compromise to ensure rapid containment and recovery.


Technical Details

Data Version
5.2
Assigner Short Name
mitre
Date Reserved
2025-11-27T00:00:00.000Z
Cvss Version
null
State
PUBLISHED

Threat ID: 6928e1a8b0d67dda9e866c5f

Added to database: 11/27/2025, 11:41:28 PM

Last enriched: 12/4/2025, 11:59:41 PM

Last updated: 1/19/2026, 11:56:07 AM

