Apache Geode: CSRF attacks through GET requests to the Management...

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

Apache Geode is vulnerable to CSRF attacks through GET requests to the Management and Monitoring REST API that could allow an attacker who has tricked a user into giving up their Geode session credentials to submit malicious commands on the target system on behalf of the authenticated user.

This issue affects Apache Geode: versions 1.10 through 1.15.1

Users are recommended to upgrade to version 1.15.2, which fixes the issue.

AI Analysis

Apache Geode is vulnerable to CSRF attacks through GET requests to the Management and Monitoring REST API

Basic Information

ID CVE-2025-47410

Source apache

Published Oct 18, 2025 at 15:15

Modified Oct 20, 2025 at 13:45

Affected Product

Vendor Apache Software Foundation

Product Apache Geode

Version 1.10.0

Affected Versions Apache Software Foundation Apache Geode 1.10.0

CWE Classification

CWE-352

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor Apache Software Foundation

Product Apache Geode

Version 1.10-1.15.1

References

lists.apache.org /thread/k88tv3rhl4ymsvt4h6qsv7sq10q5prrt

{
    "lastseen": "",
    "description": "Apache Geode is vulnerable to CSRF attacks through GET requests to the Management and Monitoring REST API that could allow an attacker who has tricked a user into giving up their Geode session credentials to submit malicious commands on the target system on behalf of the authenticated user.\n\n\nThis issue affects Apache Geode: versions 1.10 through 1.15.1\n\nUsers are recommended to upgrade to version 1.15.2, which fixes the issue.",
    "published": "2025-10-18T15:15:09.547Z",
    "modified": "2025-10-20T13:45:30.158Z",
    "type": "cve",
    "title": "Apache Geode: CSRF attacks through GET requests to the Management and Monitoring REST API that can execute gfsh commands on the target system",
    "source": "apache",
    "references": "https://lists.apache.org/thread/k88tv3rhl4ymsvt4h6qsv7sq10q5prrt",
    "id": "CVE-2025-47410",
    "bulletinFamily": "",
    "cwe": [
        "CWE-352"
    ],
    "cvelist": null,
    "sourceData": "Apache Software Foundation Apache Geode 1.10.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Apache Geode",
    "version": "1.10.0",
    "vendor": "Apache Software Foundation",
    "ai_description": "Apache Geode is vulnerable to CSRF attacks through GET requests to the Management and Monitoring REST API",
    "ai_severity": "High",
    "ai_vendor": "Apache Software Foundation",
    "ai_product": "Apache Geode",
    "ai_version": "1.10-1.15.1",
    "ai_score": 8.8
}

Apache Geode: CSRF attacks through GET requests to the Management and Monitoring REST API that can execute gfsh commands on the target system_CVE-2025-47410