CVE-2025-47410

EPSS 0.03%
Veröffentlicht 18.10.2025 15:15:09
Zuletzt bearbeitet 04.11.2025 22:16:16
Quelle security@apache.org
CVE-Watchlists
Login
Unerledigt
Login

Apache Geode: CSRF attacks through GET requests to the Management and Monitoring REST API that can execute gfsh commands on the target system

Apache Geode is vulnerable to CSRF attacks through GET requests to the Management and Monitoring REST API that could allow an attacker who has tricked a user into giving up their Geode session credentials to submit malicious commands on the target system on behalf of the authenticated user.


This issue affects Apache Geode: versions 1.10 through 1.15.1

Users are recommended to upgrade to version 1.15.2, which fixes the issue.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Geode Version >= 1.10.0 < 1.15.2

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.071

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://lists.apache.org/thread/k88tv3rhl4ymsvt4h6qsv7sq10q5prrt

Vendor Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2025/10/17/2

https://nvd.nist.gov/vuln/detail/CVE-2025-47410

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-47410

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-47410

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-47410