External risk intelligence

StellarGroup HPX allows attackers to take control of systems.

CVE advisory

Severity: CRITICAL (CVSS 9.8)

CVE-2025-60889

StellarGroup HPX has a critical flaw allowing unauthenticated attackers to take control of systems by sending malicious data over the network. Act now to protect your systems.

Halo Surface Signal: 4

Weakness: Deserialization

Product: StellarGroup HPX

Affected versions: 1.11.0 and earlier

External exposure likelihood

Halo Surface Signal score for CVE-2025-60889

The vulnerability resides in the application's data input processing endpoint, and the attack path requires network access to this interface. The bulletin indicates the product is commonly deployed as an internet-facing service that accepts network-borne input, so the endpoint is often reachable from the public internet.

Horizon Alert

Summary of the vulnerability and why it matters

This vulnerability in StellarGroup HPX allows for the execution of arbitrary code when processing untrusted input. This is a serious concern because it could allow unauthorized individuals to gain control of affected systems.

  • Attackers can execute arbitrary code.
  • Affects systems processing untrusted input.
  • Reachable from the internet.

Attack Path

How an attacker could exploit the issue

Attackers can exploit this flaw by sending a specially crafted serialized object to an application using StellarGroup HPX 1.11.0, triggering arbitrary code execution. This can lead to a full system compromise.

  • Network access required.
  • Untrusted input deserialization.
  • No authentication needed.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability involves insecure deserialization, a common attack vector that can lead to arbitrary code execution. Given its critical severity and network-accessible attack path without authentication, attackers are likely to be interested in weaponizing it. While there is no explicit mention of active exploitation, the nature of the vulnerability suggests it could be a target for widespread abuse.

  • Ripe for exploitation.
  • Potentially widespread impact.
  • Public exploit details may emerge.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Prioritize immediate containment for StellarGroup HPX versions up to and including 1.11.0 due to the critical risk of unauthenticated remote code execution. Teams should focus on identifying all instances of this software and assessing their exposure to untrusted network input. If immediate patching is not feasible, isolating affected systems from the network or blocking ingress traffic to them is paramount to prevent exploitation.

  • Isolate affected services.
  • Block network access to vulnerable endpoints.
  • Monitor for suspicious network activity.

Frequently asked questions

What is StellarGroup HPX and its primary function within software systems?

StellarGroup HPX is a software component designed to process input data. It is utilized in applications that require data handling and manipulation capabilities.

What type of vulnerability is present in CVE-2025-60889 and what weakness class does it fall under?

CVE-2025-60889 involves insecure deserialization (CWE-502, Deserialization of Untrusted Data), a weakness where software fails to properly validate data when reconstructing objects from a serialized format.

How can an attacker exploit the vulnerability in StellarGroup HPX, and what is the scope of the impact?

An attacker can trigger this vulnerability by sending specially crafted serialized data to an application using StellarGroup HPX. This can lead to arbitrary code execution and potentially a full system compromise.

What makes CVE-2025-60889 a significant concern for organizations, as highlighted by Halo Surface Signal?

Halo classifies this CVE as external and likely to be exploited because the vulnerability is in a network-accessible input processing interface. The product is often deployed as an internet-facing service, making that interface reachable from the public internet.

What immediate actions should be taken to mitigate the risks associated with StellarGroup HPX versions up to 1.11.0?

Organizations should prioritize containing the risk by identifying all instances of StellarGroup HPX 1.11.0. If patching is not immediately possible, isolating affected systems from the network or blocking ingress traffic to vulnerable endpoints is crucial.
