CNNVD-202510-2497 Information
CNNVD ID
CNNVD-202510-2497
Related CVE
- CNNVD Published: 2025-10-18
Description (Chinese)
Apache Geode是美国阿帕奇(Apache)基金会的一套应用于分布式云架构中提供对数据密集型应用程序实时和一致访问数据的管理平台。 Apache Geode 1.15.1及之前版本存在跨站请求伪造漏洞,该漏洞源于管理监控REST API的GET请求容易受到跨站请求伪造攻击,可能导致攻击者提交恶意命令。
Description (English)
Apache Geode is a management platform for providing real-time and consistent access to data for data-intensive applications in distributed cloud structures for the Apache Foundation in the United States. Apache Geode 1.15.1 and previous versions had a false gap in cross-site requests, which arose out of the fact that the GET request for control of REST API was vulnerable to cross-site requests for falsifying attacks and could lead to malicious orders from the attackers.
Hazard Level
High
Vulnerability Type
跨站请求伪造
Affected Vendor
阿帕奇
Published
2025-10-18
Last Modified
2026-02-24
References
https://lists.apache.org/thread/k88tv3rhl4ymsvt4h6qsv7sq10q5prrt https://access.redhat.com/security/cve/cve-2025-47410
Patch
https://geode.apache.org/releases/
Share on: