CVE-2025-1044
Published: 11 February 2025
Summary
CVE-2025-1044 is a critical-severity Improper Authentication (CWE-287) vulnerability in Logsign Unified SecOps Platform. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 35.1% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).
Deeper analysis
CVE-2025-1044 is an authentication bypass vulnerability in the Logsign Unified SecOps Platform. The flaw resides in the web service component that listens on TCP port 443 and stems from improper implementation of the authentication algorithm, allowing remote attackers to circumvent login controls entirely.
Unauthenticated attackers can exploit the issue over the network to gain unauthorized access to the platform, potentially achieving full control over affected installations given the CVSS vector that includes high impact to confidentiality, integrity, and availability.
Public advisories from Zero Day Initiative and Logsign reference the issue as ZDI-CAN-25336 and point to version 6.4.32 release notes for remediation details.
EPSS scores for the CVE rose from a low of 0.0047 to a peak of 0.0116, indicating emerging exploitation interest after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-1978
Vulnerability details
Logsign Unified SecOps Platform Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 443 by default. The issue results from the lack of proper implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-25336.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Authentication bypass in public-facing web service (port 443) directly enables remote exploitation without credentials.
Mitigating Controls (NIST 800-53 r5)
Enforces approved authorizations for logical access to system resources, directly preventing unauthorized access resulting from the authentication bypass in the web service.
Requires identification and authentication of users before system access, addressing the lack of proper authentication algorithm implementation in the Logsign platform.
Explicitly identifies and restricts actions permitted without identification or authentication, mitigating exploitation where authentication can be bypassed on the web service.