CVE-2025-8415

EUVD-2025-25390
A vulnerability was found in the Cryostat HTTP API. Cryostat's HTTP API binds to all network interfaces, allowing possible external visibility and access to the API port if Network Policies are disabled, allowing an unauthenticated, malicious attacker to jeopardize the environment.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.9 MEDIUM
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
redhatCNA
5.9 MEDIUM
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 9%
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2025:14919
https://access.redhat.com/security/cve/CVE-2025-8415
https://bugzilla.redhat.com/show_bug.cgi?id=2385773
https://github.com/cryostatio/cryostat/pull/1001
https://github.com/cryostatio/cryostat/releases/tag/v4.0.2