CVE-2025-66361 is a vulnerability identified in Logpoint's Security Information and Event Management (SIEM) product, affecting versions prior to 7.7.0. The root cause is improper neutralization of special elements used in the product's template engine, classified under CWE-1336. This flaw leads to sensitive information leakage by exposing confidential data within system process details during periods of high CPU utilization. The vulnerability arises because the template engine fails to correctly sanitize or neutralize special characters or elements, which can cause sensitive data to be rendered or logged in an unsafe manner. The exposure window is extended during high CPU load, increasing the risk of data leakage. The CVSS 4.0 vector indicates the attack can be performed remotely over the network with low complexity, but requires partial authentication with high privileges, and no user interaction is needed. The impact is primarily on confidentiality, with high confidentiality impact and no integrity or availability impact. No public exploits are known at this time, but the vulnerability poses a risk to organizations relying on Logpoint SIEM for security monitoring and incident response, as sensitive data exposure could aid attackers in reconnaissance or lateral movement.

For European organizations, the exposure of sensitive information in Logpoint SIEM during high CPU load can lead to significant confidentiality breaches. Since SIEM systems aggregate and analyze security logs and events, leaked data could include credentials, internal system details, or security configurations, which attackers could leverage to escalate privileges or evade detection. This is particularly critical for sectors with stringent data protection requirements such as finance, healthcare, and critical infrastructure. The vulnerability could undermine trust in security monitoring capabilities and complicate incident response. Additionally, exposure of sensitive data may lead to regulatory non-compliance under GDPR, resulting in legal and financial penalties. The requirement for high privilege authentication limits the attack surface but does not eliminate risk, especially if insider threats or compromised accounts exist. The lack of known exploits reduces immediate risk but does not preclude future exploitation attempts.

Organizations should immediately assess their Logpoint SIEM deployments to determine if they are running versions prior to 7.7.0 and plan for prompt upgrade once patches are released. In the interim, restrict access to SIEM systems to only trusted administrators with strict privilege controls and monitor for unusual high CPU load conditions that may increase exposure risk. Implement enhanced logging and alerting on system process information access, especially during peak load times. Conduct regular audits of user privileges to minimize the number of high privilege accounts. Network segmentation and strong authentication mechanisms (e.g., multi-factor authentication) should be enforced to reduce the likelihood of unauthorized access. Additionally, consider deploying runtime application self-protection (RASP) or web application firewalls (WAF) that might detect anomalous template engine behavior. Finally, maintain vigilant monitoring for any emerging exploit reports or indicators of compromise related to this vulnerability.