Cyber Resilience

CVE-2025-1044

Critical

Published: 11 February 2025

Modified: 18 February 2025
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0047 (64.9th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-1044 is a critical-severity Improper Authentication (CWE-287) vulnerability in Logsign Unified Secops Platform. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 35.1% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2025-1044 is an authentication bypass vulnerability in the Logsign Unified SecOps Platform. The flaw resides in the web service component that listens on TCP port 443 and stems from improper implementation of the authentication algorithm, allowing remote attackers to circumvent login controls entirely.

Unauthenticated attackers can exploit the issue over the network to gain unauthorized access to the platform, potentially achieving full control over affected installations given the CVSS vector that includes high impact to confidentiality, integrity, and availability.

Public advisories from Zero Day Initiative and Logsign reference the issue as ZDI-CAN-25336 and point to version 6.4.32 release notes for remediation details.

EPSS scores for the CVE rose from a low of 0.0047 to a peak of 0.0116, indicating emerging exploitation interest after disclosure.

Vulnerability details

Logsign Unified SecOps Platform Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 443 by default. The issue results from the lack of proper implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-25336.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Authentication bypass in public-facing web service (port 443) directly enables remote exploitation without credentials.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-71279 (Shared CWE-287)
CVE-2024-13804 (Shared CWE-287)
CVE-2024-57046 (Shared CWE-287)
CVE-2026-1203 (Shared CWE-287)
CVE-2026-1740 (Shared CWE-287)
CVE-2025-43995 (Shared CWE-287)
CVE-2026-7876 (Shared CWE-287)
CVE-2025-0637 (Shared CWE-287)
CVE-2025-61882 (Shared CWE-287)
CVE-2026-0589 (Shared CWE-287)

Affected Assets

logsign unified secops platform ≤ 6.4.32

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces approved authorizations for logical access to system resources, directly preventing unauthorized access resulting from the authentication bypass in the web service.

prevent

Requires identification and authentication of users before system access, addressing the lack of proper authentication algorithm implementation in the Logsign platform.

prevent

Explicitly identifies and restricts actions permitted without identification or authentication, mitigating exploitation where authentication can be bypassed on the web service.
