Severity: moderate Affected versions:
- Apache HertzBeat (incubating) before 1.7.0 Description: XML Injection RCE by parse http sitemap xml response vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat (incubating): before 1.7.0. Users are recommended to upgrade to version 1.7.0, which fixes the issue. Credit: unam4 (finder) springkill (finder) Zoiltin (finder) References: https://hertzbeat.apache.org https://www.cve.org/CVERecord?id=CVE-2025-24404
