CVE-2025-8415
PUBLISHED
CVSS 5.9 MEDIUM
A vulnerability was found in the Cryostat HTTP API. Cryostat's HTTP API binds to all network interfaces, so the API port may be visible and reachable externally if Network Policies are disabled, allowing an unauthenticated, malicious attacker to jeopardize the environment.
EPSS 0.05% · 16.6th percentile
Risk Scores
CVSS 3.1
5.9
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
EPSS Score
0.05%
16.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Cryostat 4 on RHEL 9 | 4.0.2-3 |
| Red Hat | Cryostat 4 | |
| Cryostat | Cryostat | 0 |
| Red Hat | Cryostat 4 on RHEL 9 | 0.5.2-3 |
Exploit Intelligence
- CIRCL seen: CVE-2025-8415 (circl-sighting)
- RHSA-2025:14919 (circl)
- https://access.redhat.com/security/cve/CVE-2025-8415 (circl)
- RHBZ#2385773 (circl)
- https://github.com/cryostatio/cryostat/pull/1001 (circl)
- https://github.com/cryostatio/cryostat/releases/tag/v4.0.2 (circl)
- seen_cves.json (github-poc)
…and 1 more exploits
Timeline
- Aug 20, 2025 CVE Published
- Aug 20, 2025 PoC Published
- Aug 21, 2025 EPSS Score
- Aug 29, 2025 EPSS Score
- Sep 6, 2025 EPSS Score
- Sep 14, 2025 EPSS Score
- Sep 22, 2025 EPSS Score
- Sep 30, 2025 EPSS Score
- Oct 8, 2025 EPSS Score
- Oct 16, 2025 EPSS Score
- Oct 24, 2025 EPSS Score
- Nov 1, 2025 EPSS Score