CVE-2025-8415

medium

Description

A vulnerability was found in the Cryostat HTTP API. The API binds to all network interfaces, so if Network Policies are disabled, the API port may be visible and accessible externally, allowing an unauthenticated, malicious attacker to jeopardize the environment.

References

https://bugzilla.redhat.com/show_bug.cgi?id=2385773

https://access.redhat.com/security/cve/CVE-2025-8415

Details

Source: Mitre, NVD

Published: 2025-08-20

Updated: 2025-08-20

Risk Information

CVSS v2

Base Score: 6.2

Vector: CVSS2#AV:N/AC:H/Au:M/C:C/I:C/A:N

Severity: Medium

CVSS v3

Base Score: 5.9

Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

Severity: Medium

EPSS

EPSS: 0.00026