216.73.217.176

CVE-2025-47410

· Published 18/10/2025 16:15 · Modified 18/10/2025 16:15

Labels: CVE-2025-47410 2025-10-18CVE-2025-47410CWE-352[email protected]

Essential information

Published
18/10/2025 16:15
Modified
18/10/2025 16:15
Author
Creator
CISA KEV
No
CWE

Description

Apache Geode is vulnerable to CSRF attacks through GET requests to the Management and Monitoring REST API that could allow an attacker who has tricked a user into giving up their Geode session credentials to submit malicious commands on the target system on behalf of the authenticated user. This issue affects Apache Geode: versions 1.10 through 1.15.1 Users are recommended to upgrade to version 1.15.2, which fixes the issue.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
apache / geode cpe:2.3:a:apache:geode:1.10:*:*:*:*:*:*:*
apache / geode cpe:2.3:a:apache:geode:1.11:*:*:*:*:*:*:*
apache / geode cpe:2.3:a:apache:geode:1.12:*:*:*:*:*:*:*
apache / geode cpe:2.3:a:apache:geode:1.13:*:*:*:*:*:*:*
apache / geode cpe:2.3:a:apache:geode:1.14:*:*:*:*:*:*:*
apache / geode cpe:2.3:a:apache:geode:1.15:*:*:*:*:*:*:*

References