CVE-2025-8415

Source
https://cve.org/CVERecord?id=CVE-2025-8415
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-8415.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-8415
Published
2025-08-20T16:14:33.566Z
Modified
2026-07-15T01:48:57.424513924Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
Cryostat: authentication bypass if network policies are disabled
Details

A vulnerability was found in the Cryostat HTTP API. Cryostat's HTTP API binds to all network interfaces, allowing possible external visibility and access to the API port if Network Policies are disabled, allowing an unauthenticated, malicious attacker to jeopardize the environment.

Database specific
{
    "cna_assigner": "redhat",
    "cwe_ids": [
        "CWE-289"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/8xxx/CVE-2025-8415.json"
}
References

Affected packages

Git / github.com/cryostatio/cryostat

Affected ranges

Type
GIT
Repo
https://github.com/cryostatio/cryostat
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.0.2"
        }
    ]
}

Affected versions

v4.*
v4.0.0
v4.0.0-pre
v4.0.1
v4.0.1-dev

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-8415.json"