CVE-2025-8415 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-8415 PUBLISHED CVSS 5.900000095367432 MEDIUM

A vulnerability was found in the Cryostat HTTP API. Cryostat's HTTP API binds to all network interfaces, allowing possible external visibility and access to the API port if Network Policies are disabled, allowing an unauthenticated, malicious attacker to jeopardize the environment.

EPSS 0.04% · 10.6th percentile

Risk Scores

CVSS v3.1

5.900000095367432

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

EPSS Score

0.04%

10.6th percentile

Affected Products

Vendor	Product	Versions
Red Hat	Cryostat 4 on RHEL 9	4.0.2-3
Red Hat	Cryostat 4 on RHEL 9	4.0.2-3
Red Hat	Cryostat 4 on RHEL 9	4.0.2-3
Red Hat	Cryostat 4 on RHEL 9	4.0.2-3
Red Hat	Cryostat 4
Red Hat	Cryostat 4 on RHEL 9	4.0.2-3
Cryostat	Cryostat	0
Red Hat	Cryostat 4
Red Hat	Cryostat 4 on RHEL 9	4.0.2-3
Red Hat	Cryostat 4 on RHEL 9	4.0.2-3
Red Hat	Cryostat 4
Red Hat	Cryostat 4 on RHEL 9	0.5.2-3
Red Hat	Cryostat 4 on RHEL 9	4.0.2-3
Red Hat	Cryostat 4 on RHEL 9	4.0.2-3
Red Hat	Cryostat 4 on RHEL 9	4.0.2-3

Timeline

Aug 20, 2025 CVE Published
Aug 20, 2025 PoC Published
Aug 21, 2025 EPSS Score
Aug 28, 2025 EPSS Score
Sep 5, 2025 EPSS Score
Sep 12, 2025 EPSS Score
Sep 20, 2025 EPSS Score
Sep 27, 2025 EPSS Score
Oct 5, 2025 EPSS Score
Oct 12, 2025 EPSS Score
Oct 20, 2025 EPSS Score
Oct 27, 2025 EPSS Score

References

RHSA-2025:14919 vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-8415 vdb
RHBZ#2385773 issue
https://github.com/cryostatio/cryostat/pull/1001 url
https://github.com/cryostatio/cryostat/releases/tag/v4.0.2 url
https://nvd.nist.gov/vuln/detail/CVE-2025-8415 advisory

Open in Interactive Console →