CVE-2025-8415 | THREATINT

Description

A vulnerability was found in the Cryostat HTTP API. Cryostat's HTTP API binds to all network interfaces, allowing possible external visibility and access to the API port if Network Policies are disabled, allowing an unauthenticated, malicious attacker to jeopardize the environment.

PUBLISHED Reserved 2025-07-31 | Published 2025-08-20 | Updated 2025-09-03 | Assigner redhat

MEDIUM: 5.9CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

Problem types

Authentication Bypass by Alternate Name

Product status

Default status

affected

0.5.2-3 before *

unaffected

Default status

affected

4.0.2-3 before *

unaffected

Default status

affected

4.0.2-3 before *

unaffected

Default status

affected

4.0.2-3 before *

unaffected

Default status

affected

4.0.2-3 before *

unaffected

Default status

affected

4.0.2-3 before *

unaffected

Default status

affected

4.0.2-3 before *

unaffected

Default status

affected

4.0.2-3 before *

unaffected

Default status

affected

4.0.2-3 before *

unaffected

Default status

affected

4.0.2-3 before *

unaffected

Default status

affected

4.0.2-3 before *

unaffected

Default status

affected

Default status

affected

Default status

affected

Timeline

2025-07-31:	Reported to Red Hat.
2025-08-20:	Made public.

References

access.redhat.com/errata/RHSA-2025:14919 (RHSA-2025:14919) vendor-advisory

access.redhat.com/security/cve/CVE-2025-8415 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2385773 (RHBZ#2385773) issue-tracking

cve.org (CVE-2025-8415)

nvd.nist.gov (CVE-2025-8415)

Download JSON