CVE-2025-23196: Command Injection in Software Foundation Apache Ambari

CWE-77: Command Injection | 3 documents | 3 sources

Severity: 8.8 HIGH (NVD)
EPSS: 2.0% (top 16.20%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 21 | Latest update Jan 22

Description

A code injection vulnerability exists in the Ambari Alert Definition feature, allowing authenticated users to inject and execute arbitrary shell commands. The vulnerability arises when defining alert scripts, where the script filename field is executed using `sh -c`. An attacker with authenticated access can exploit this vulnerability to inject malicious commands, leading to remote code execution on the server. The issue has been fixed in the latest versions of Ambari.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

NVD: apache/ambari < 2.7.9

Vulnerability Details (2)

GHSA: GHSA-37rh-2c9j-68mm: A code injection vulnerability exists in the Ambari Alert Definition feature, allowing authenticated users to inject and execute arbitrary shell comma (2025-01-22)
CVEList: Apache Ambari: Code Injection Vulnerability in Ambari Alert Definition (2025-01-21)
CVE-2025-23196 — Command Injection | cvebase