CVE-2025-47410

Source
https://cve.org/CVERecord?id=CVE-2025-47410
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-47410.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-47410
Aliases
Published
2025-10-18T15:15:09.547Z
Modified
2026-07-08T06:28:11.398328487Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Apache Geode: CSRF attacks through GET requests to the Management and Monitoring REST API that can execute gfsh commands on the target system
Details

Apache Geode is vulnerable to CSRF attacks through GET requests to the Management and Monitoring REST API that could allow an attacker who has tricked a user into giving up their Geode session credentials to submit malicious commands on the target system on behalf of the authenticated user.

This issue affects Apache Geode: versions 1.10 through 1.15.1

Users are recommended to upgrade to version 1.15.2, which fixes the issue.

Database specific
{
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "1.10.0"
                },
                {
                    "fixed": "1.15.2"
                }
            ]
        },
        {
            "source": "DESCRIPTION",
            "extracted_events": [
                {
                    "introduced": "1.10"
                },
                {
                    "fixed": "1.15.1"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/47xxx/CVE-2025-47410.json",
    "cna_assigner": "apache",
    "cwe_ids": [
        "CWE-352"
    ]
}
References

Affected packages

Git / github.com/apache/geode

Affected ranges

Type
GIT
Repo
https://github.com/apache/geode
Events
Database specific
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:apache:geode:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "1.10.0"
        },
        {
            "fixed": "1.15.2"
        }
    ]
}

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-47410.json"