CVE-2025-23196
Apache Ambari: Code Injection Vulnerability in Ambari Alert Definition
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.8EPSS 1.2%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Lifecycle
21 Jan 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A code injection vulnerability exists in the Ambari Alert Definition
feature, allowing authenticated users to inject and execute arbitrary
shell commands. The vulnerability arises when defining alert scripts,
where the script filename field is executed using `sh -c`. An attacker
with authenticated access can exploit this vulnerability to inject
malicious commands, leading to remote code execution on the server. The
issue has been fixed in the latest versions of Ambari.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Apache Software Foundation · Apache Ambari