← back
CVE-2025-23196

Apache Ambari: Code Injection Vulnerability in Ambari Alert Definition

CVSS 8.8 HIGHEPSS 1.2%CWE-77
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.8EPSS 1.2%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
21 Jan 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A code injection vulnerability exists in the Ambari Alert Definition feature, allowing authenticated users to inject and execute arbitrary shell commands. The vulnerability arises when defining alert scripts, where the script filename field is executed using `sh -c`. An attacker with authenticated access can exploit this vulnerability to inject malicious commands, leading to remote code execution on the server. The issue has been fixed in the latest versions of Ambari.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H