CVE-2025-15097
Alteryx Server status improper authentication
Vexday Risk Score
13 Low
SSVC Decision (CISA)
Track
No sign of exploitation → monitor
CVSS 6.9 · EPSS 0.5% · KEV no · PoC — · Nuclei — · Metasploit — · Patch referenced
Lifecycle
26 Dec 2025: Published in NVD
Recommendation: Monitor. No sign of exploitation at the moment.
A vulnerability was found in Alteryx Server. It affects some unknown functionality of the file /gallery/api/status/. Manipulation results in improper authentication. The attack can be carried out remotely. The exploit has been made public and could be used. Upgrading to version 2023.1.1.13.486, 2023.2.1.10.293, 2024.1.1.9.236, 2024.2.1.6.125 and 2025.1.1.1.31 can resolve this issue. Upgrading the affected component is recommended.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Affected products
Alteryx · Server
References
https://gist.github.com/apostolovd/f84631eed2f0c0e83e2e174b1480f08c
https://help.alteryx.com/release-notes/en/release-notes/server-release-notes/server-2025-1-release-notes.html
https://ict-strypes.eu/wp-content/uploads/2025/12/Alteryx-Second-Research.pdf
https://vuldb.com/?ctiid.338428
https://vuldb.com/?id.338428
https://vuldb.com/?submit.710169