Apache Geode is vulnerable to CSRF attacks through GET requests to the Management and Monitoring REST API that could allow an attacker who has tricked a user into giving up their Geode session credentials to submit malicious commands on the target system on behalf of the authenticated user.
This issue affects Apache Geode: versions 1.10 through 1.15.1
Users are recommended to upgrade to version 1.15.2, which fixes the issue.
{
"unresolved_ranges": [
{
"source": "AFFECTED_FIELD",
"extracted_events": [
{
"introduced": "1.10.0"
},
{
"fixed": "1.15.2"
}
]
},
{
"source": "DESCRIPTION",
"extracted_events": [
{
"introduced": "1.10"
},
{
"fixed": "1.15.1"
}
]
}
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/47xxx/CVE-2025-47410.json",
"cna_assigner": "apache",
"cwe_ids": [
"CWE-352"
]
}