Server-Side Request Forgery Vulnerability in Apache HertzBeat
CVE-2024-56736

Currently unrated

Key Information:

Vendor: Apache
Status: HertzBeat
Vendor: CVE Published:; 16 April 2025

What is CVE-2024-56736?

The vulnerability in Apache HertzBeat, an incubating project, allows attackers to exploit Server-Side Request Forgery (SSRF) issues, potentially compromising internal systems. This affects all versions prior to 1.7.0. Users are strongly advised to upgrade to version 1.7.0 to mitigate this risk and secure their applications from unauthorized access.

References

http://www.openwall.com/lists/oss-security/2025/04/16/1

https://lists.apache.org/thread/kdzg36h9yxp0q0n4lhcfppxnt...

https://lists.apache.org/thread/lwfhsllos1rx9v8k0yhl252cb...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 16, 2025