Information Disclosure Vulnerability in Geyang ML-Logger
CVE-2025-10952

6.9MEDIUM

Key Information:

Vendor

Geyang

Status
Ml-logger
Vendor
CVE Published:
25 September 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-10952?

A security flaw exists in Geyang ML-Logger that affects the stream_handler function within the ml_logger/server.py file of the File Handler component. This vulnerability allows an attacker to exploit the application remotely through manipulation of the argument key, potentially leading to unauthorized information disclosure. As the product employs continuous delivery with rolling releases, precise version information for affected and updated releases is not available.

Affected Version(s)

ml-logger acf255bade5be6ad88d90735c8367b28cbe3a743

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-10952 - Proof of Concept

References

https://vuldb.com/?id.325822
vdb-entrytechnical-description
https://vuldb.com/?ctiid.325822
signaturepermissions-required
https://vuldb.com/?submit.652463
third-party-advisory

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

0x1f (VulDB User)
JSON
.
CVE-2025-10952 : Information Disclosure Vulnerability in Geyang ML-Logger