CVE-2025-47410
published 2025-10-18CVE-2025-47410: Apache Geode is vulnerable to CSRF attacks through GET requests to the Management and Monitoring REST API that could allow an attacker who has tricked a user…
high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
Apache Geode is vulnerable to CSRF attacks through GET requests to the Management and Monitoring REST API that could allow an attacker who has tricked a user into giving up their Geode session credentials to submit malicious commands on the target system on behalf of the authenticated user.
This issue affects Apache Geode: versions 1.10 through 1.15.1
Users are recommended to upgrade to version 1.15.2, which fixes the issue.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | geode | >= 1.10.0 < 1.15.2 | 1.15.2 |
| apache_software_foundation | apache_geode | >= 1.10.0 < 1.15.2 | 1.15.2 |