oss-security - CVE-2025-47410: Apache Geode: CSRF attacks through GET requests to the Management and Monitoring REST API that can execute gfsh commands on the target system

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [day] [month] [year] [list]

Message-ID: <fc3ba4c4-0246-447b-1bc0-8d1feca16302@apache.org>
Date: Fri, 17 Oct 2025 16:01:45 +0000
From: William Hodges <whodges@...che.org>
To: oss-security@...ts.openwall.com
Subject: CVE-2025-47410: Apache Geode: CSRF attacks through GET requests to
 the Management and Monitoring REST API that can execute gfsh commands on
 the target system 

Severity: moderate 

Affected versions:

- Apache Geode (org.apache.geode:geode-web) 1.10.0 before 1.15.2

Description:

Apache Geode is vulnerable to CSRF attacks through GET requests to the Management and Monitoring REST API that could allow an attacker who has tricked a user into giving up their Geode session credentials to submit malicious commands on the target system on behalf of the authenticated user.

This issue affects Apache Geode: versions 1.10 through 1.15.1

Users are recommended to upgrade to version 1.15.2, which fixes the issue.

Credit:

S. M. Zuhair Zaki (finder)

References:

https://geode.apache.org/
https://www.cve.org/CVERecord?id=CVE-2025-47410

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.