CVE-2025-8415
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-20
Last updated on: 2025-09-03
Assigner: Red Hat, Inc.
Description
Description
A vulnerability was found in the Cryostat HTTP API. Cryostat's HTTP API binds to all network interfaces, allowing possible external visibility and access to the API port if Network Policies are disabled, allowing an unauthenticated, malicious attacker to jeopardize the environment.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| redhat | cryostat | 4.0.2 |
| netty | netty_codec_http2 | * |
| redhat | cryostat | 4.0.0 |
| form_data | form_data | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-289 | The product performs authentication based on the name of a resource being accessed, or the name of the actor performing the access, but it does not properly check all possible names for that resource or actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Cryostat HTTP API, which binds to all network interfaces. If Network Policies are disabled, this allows external visibility and access to the API port. An unauthenticated, malicious attacker could exploit this to compromise the environment.
How can this vulnerability impact me? :
An attacker could gain unauthorized access to the Cryostat HTTP API, potentially jeopardizing the security and integrity of the environment by exploiting the exposed API port.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70