CVE-2025-29868

EPSS 0.41%
Published 01.04.2025 08:15:14
Last modified 15.04.2025 13:07:54
Source security@apache.org
Teams watchlist Login
Open Login

Private Data Structure Returned From A Public Method vulnerability in Apache Answer.

This issue affects Apache Answer: through 1.4.2.

If a user uses an externally referenced image, when a user accesses this image, the provider of the image may obtain private information about the ip address of that accessing user.
Users are recommended to upgrade to version 1.4.5, which fixes the issue. In the new version, administrators can set whether external content can be displayed.

Affected products Warnungen 0 Metrics 2 CWE 1 References 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ Answer Version <= 1.4.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.41%	0.607

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-495 Private Data Structure Returned From A Public Method

The product has a method that is declared public, but returns a reference to a private data structure, which could then be modified in unexpected ways.

https://lists.apache.org/thread/l7pohw5g03g3qsvrz8pqc9t29mdv5lhf

Vendor Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2025/04/01/2

Mailing List

http://www.openwall.com/lists/oss-security/2025/04/02/1

Mailing List

http://www.openwall.com/lists/oss-security/2025/04/10/3

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2025-29868

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-29868

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-29868

EUVD