Description

In Sherpa Orchestrator 141851, the web application lacks protection against CSRF attacks, with resultant effects of an attacker conducting XSS attacks, adding a new user or role, or exploiting a SQL injection issue.

PUBLISHED Reserved 2025-04-24 | Published 2025-04-25 | Updated 2025-04-25 | Assigner mitre




MEDIUM: 5.4 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

Problem types

CWE-352 Cross-Site Request Forgery (CSRF)

Product status

Default status
unknown

141851 (custom)
affected

References

sherparpa.com

twitter.com/ArtyomBrylev

deiteriy.com

gist.github.com/ArtemBrylev/9af206c46d7505db03ad6fcd9fc46f7f

cve.org (CVE-2025-46547)

nvd.nist.gov (CVE-2025-46547)
