Apache HertzBeat is an open-source, real-time monitoring system designed for cloud-native environments. It provides monitoring capabilities for various IT infrastructure components, including servers, databases, and applications. HertzBeat offers features such as custom metrics collection, alerting, and visualization through a user-friendly interface.

Apache HertzBeat

Hertzbeat is a real-time monitoring system. At the interface of `/define/yml`, SnakeYAML is used as a parser to parse yml content, but no security configuration is used, resulting in a YAML deserialization vulnerability. Version 1.4.1 fixes this vulnerability.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-48208	HIGH	8.8	Apache HertzBeat	cpe:2.3:a:apache:hertzbeat	No	Yes	Sep 09, 2025
CVE-2025-24404	HIGH	8.8	Apache HertzBeat	cpe:2.3:a:apache:hertzbeat	No	Yes	Sep 09, 2025
CVE-2024-45505	HIGH	8.8	Apache HertzBeat	cpe:2.3:a:apache:hertzbeat	No	Yes	Nov 18, 2024
CVE-2024-45791	HIGH	7.5	Apache HertzBeat	cpe:2.3:a:apache:hertzbeat	No	Yes	Nov 18, 2024
CVE-2024-56736	MEDIUM	6.5	Apache HertzBeat	cpe:2.3:a:apache:hertzbeat	No	Yes	Apr 16, 2025

CVE-2023-51389:
Apache HertzBeat vulnerability analysis and mitigation

9.8

Related Apache HertzBeat vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2023-51389: Apache HertzBeat vulnerability analysis and mitigation