CVE-2025-54316 in Logpointinfo

Summary

by MITRE • 07/20/2025

An issue was discovered in Logpoint before 7.6.0. When creating reports, attackers can create custom Jinja templates that chained built-in filter functions to generate XSS payloads. These payloads can be rendered by the Logpoint Report Template engine, making it vulnerable to cross-site scripting (XSS) attacks.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 07/30/2025

The vulnerability identified as CVE-2025-54316 represents a critical cross-site scripting weakness in Logpoint versions prior to 7.6.0, specifically within the report template engine functionality. This issue arises from the improper handling of user-supplied Jinja templates during report creation processes, creating a pathway for malicious actors to inject persistent XSS payloads. The vulnerability operates through the chaining of built-in filter functions within the Jinja template system, which allows attackers to construct sophisticated payload sequences that bypass standard security controls. The Logpoint Report Template engine processes these malicious templates without adequate sanitization, resulting in the execution of arbitrary JavaScript code in the context of affected user sessions.

The technical flaw stems from insufficient input validation and output encoding within the template processing pipeline of Logpoint's reporting module. When users create custom reports using Jinja templates, the system fails to properly sanitize or escape template variables that contain user-controlled content. This weakness enables attackers to exploit the template engine's filter chaining capabilities to construct XSS payloads that can execute in the browser of any user who views the malicious report. The vulnerability is particularly dangerous because it leverages legitimate template functionality to deliver malicious code, making detection more challenging and allowing attackers to bypass traditional security measures that might not recognize the malicious nature of the template chain.

The operational impact of this vulnerability extends beyond simple XSS execution, as it can lead to complete session hijacking, data exfiltration, and potential lateral movement within affected environments. Attackers can craft templates that steal cookies, redirect users to malicious sites, or inject additional malicious payloads that can compromise the entire Logpoint instance. The vulnerability affects all users who have access to report creation functionality, making it particularly concerning for organizations that grant broad reporting privileges. Additionally, since the vulnerability exists in the template engine itself, it can be exploited by users with relatively low privileges, potentially allowing for privilege escalation or persistent backdoor establishment through crafted report templates.

Organizations should immediately upgrade to Logpoint version 7.6.0 or later to address this vulnerability, as no effective workarounds exist for the core template processing logic. The fix implemented in version 7.6.0 includes enhanced template validation, stricter filter parameter handling, and comprehensive output encoding for all user-supplied template content. Security teams should also implement network-based detection measures to monitor for suspicious template creation activities and consider temporarily restricting report template creation privileges until the upgrade is complete. This vulnerability aligns with CWE-79 - Cross-site Scripting and maps to ATT&CK technique T1566.001 - Phishing: Spearphishing Attachment, as attackers can use malicious templates to deliver payloads that compromise user systems through crafted report files.

Responsible

MITRE

Reservation

07/20/2025

Disclosure

07/20/2025

Moderation

accepted

CPE

ready

EPSS

0.00206

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!