← voltar
CVE-2025-47410

Apache Geode: CSRF attacks through GET requests to the Management and Monitoring REST API that can execute gfsh commands on the target system

CVSS 8.8 HIGHEPSS 0.3%CWE-352
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 8.8EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
18 out 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Apache Geode is vulnerable to CSRF attacks through GET requests to the Management and Monitoring REST API that could allow an attacker who has tricked a user into giving up their Geode session credentials to submit malicious commands on the target system on behalf of the authenticated user. This issue affects Apache Geode: versions 1.10 through 1.15.1 Users are recommended to upgrade to version 1.15.2, which fixes the issue.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H