CVE-2025-8415

Sažetak

A vulnerability was found in the Cryostat HTTP API. Cryostat's HTTP API binds to all network interfaces, allowing possible external visibility and access to the API port if Network Policies are disabled, allowing an unauthenticated, malicious attacker to jeopardize the environment.

Reference

https://access.redhat.com/errata/RHSA-2025:14919
https://access.redhat.com/security/cve/CVE-2025-8415
https://bugzilla.redhat.com/show_bug.cgi?id=2385773
https://github.com/cryostatio/cryostat/pull/1001
https://github.com/cryostatio/cryostat/releases/tag/v4.0.2

CVSS

Base:	5.9
Impact:	5.2
Exploitability:	0.7

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	HIGH

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

Zadnje važnije ažuriranje

23-12-2025 - 23:15

Objavljeno

20-08-2025 - 17:15