CVE-2025-66361: CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine in Logpoint SIEM
An issue was discovered in Logpoint before 7.7.0. Sensitive information is exposed in System Processes for an extended period during high CPU load.
AI Analysis
Technical Summary
CVE-2025-66361 is a vulnerability in Logpoint's Security Information and Event Management (SIEM) product affecting versions prior to 7.7.0. The root cause is improper neutralization of special elements used within the product's template engine, classified under CWE-1336. The flaw causes sensitive information to be exposed in system process details while the system is under high CPU load; because the data remains visible for an extended period, the window for unauthorized access to confidential information widens. The CVSS 4.0 base score of 6.9 corresponds to medium severity, with a network attack vector (AV:N), low attack complexity (AC:L), attack requirements present (AT:P), and high privileges required (PR:H). No user interaction is necessary, and the vulnerability impacts confidentiality, with high scope and security requirements. Although no public exploits are known, an attacker who already holds elevated privileges could use the exposed process data to learn how the system operates or to extract confidential information. The issue is most concerning in environments with sustained high CPU utilization, where the exposure window is longest. No official patch link is listed, which suggests a fix may be pending or forthcoming. Organizations running Logpoint SIEM should track this vulnerability and prepare to apply mitigations and updates.
Potential Impact
For European organizations, especially those in sectors such as finance, critical infrastructure, and government, this vulnerability poses a significant risk to confidentiality. The exposure of sensitive information during high CPU load could lead to leakage of security logs, credentials, or other critical data, undermining incident response and security monitoring efforts. Since Logpoint SIEM is used to aggregate and analyze security events, any compromise or leakage here could cascade into broader security failures. The requirement for high privileges to exploit the vulnerability limits the attack surface but does not eliminate risk, particularly from insider threats or attackers who have already escalated privileges. Extended exposure during high CPU load periods increases the window for data leakage, which could be exploited in targeted attacks. The absence of known exploits reduces immediate risk but does not preclude future exploitation. European organizations with large-scale deployments or those experiencing high system loads are more vulnerable to the impact. The vulnerability could also affect compliance with data protection regulations such as GDPR if sensitive personal data is exposed.
Mitigation Recommendations
1. Restrict access to system process information and logs to only trusted administrators to reduce the risk of sensitive data exposure.
2. Monitor CPU utilization closely and investigate unusual spikes that could increase the exposure window.
3. Implement strict privilege management to minimize the number of users with high-level access to the SIEM system.
4. Apply vendor patches or updates as soon as they become available to remediate the vulnerability.
5. Use network segmentation and access controls to limit exposure of the SIEM system to only necessary network segments.
6. Conduct regular audits of system process information exposure and review logs for signs of unauthorized access.
7. Consider deploying additional monitoring tools to detect anomalous access patterns or data exfiltration attempts related to the SIEM.
8. Engage with Logpoint support or security advisories to stay informed about patch releases and mitigation guidance.
Affected Countries
Germany, United Kingdom, France, Netherlands, Sweden, Norway, Finland, Denmark, Belgium, Italy
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-11-27T00:00:00.000Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 6928e1a8b0d67dda9e866c62
Added to database: 11/27/2025, 11:41:28 PM
Last enriched: 11/27/2025, 11:56:22 PM
Last updated: 12/4/2025, 3:44:36 AM
Views: 37