High severityNVD Advisory· Published Oct 18, 2025· Updated Nov 4, 2025
Apache Geode: CSRF attacks through GET requests to the Management and Monitoring REST API that can execute gfsh commands on the target system
CVE-2025-47410
Description
Apache Geode is vulnerable to CSRF attacks through GET requests to the Management and Monitoring REST API that could allow an attacker who has tricked a user into giving up their Geode session credentials to submit malicious commands on the target system on behalf of the authenticated user.
This issue affects Apache Geode: versions 1.10 through 1.15.1
Users are recommended to upgrade to version 1.15.2, which fixes the issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.geode:geode-webMaven | >= 1.10.0, < 1.15.2 | 1.15.2 |
Affected products
2- Apache Software Foundation/Apache Geodev5Range: 1.10.0
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-gjp8-99fv-cgcwghsaADVISORY
- lists.apache.org/thread/k88tv3rhl4ymsvt4h6qsv7sq10q5prrtghsavendor-advisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2025-47410ghsaADVISORY
- www.openwall.com/lists/oss-security/2025/10/17/2ghsaWEB
- github.com/apache/geode/commit/570990909e6fd1e491f01471ad30ee3c2dbff72cghsaWEB
News mentions
0No linked articles in our index yet.