Server-Side Request Forgery Vulnerability in Apache HertzBeat
CVE-2024-56736

Currently unrated

Key Information:

Vendor: Apache
Status: HertzBeat
Vendor: CVE Published:; 16 April 2025

Summary

The vulnerability in Apache HertzBeat, an incubating project, allows attackers to exploit Server-Side Request Forgery (SSRF) issues, potentially compromising internal systems. This affects all versions prior to 1.7.0. Users are strongly advised to upgrade to version 1.7.0 to mitigate this risk and secure their applications from unauthorized access.

References

http://www.openwall.com/lists/oss-security/2025/04/16/1

https://lists.apache.org/thread/kdzg36h9yxp0q0n4lhcfppxnt...

https://lists.apache.org/thread/lwfhsllos1rx9v8k0yhl252cb...

Timeline

Vulnerability published
Apr 16, 2025