Medium severity5.9OSV Advisory· Published Aug 20, 2025· Updated Apr 15, 2026

CVE-2025-8415

Description

A vulnerability was found in the Cryostat HTTP API. Cryostat's HTTP API binds to all network interfaces, allowing possible external visibility and access to the API port if Network Policies are disabled, allowing an unauthenticated, malicious attacker to jeopardize the environment.

Affected products

Cryostatio/CryostatOSV
Range: v4.0.0, v4.0.0-pre, v4.0.1, …

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

access.redhat.com/errata/RHSA-2025:14919nvd
access.redhat.com/security/cve/CVE-2025-8415nvd
bugzilla.redhat.com/show_bug.cginvd
github.com/cryostatio/cryostat/pull/1001nvd
github.com/cryostatio/cryostat/releases/tag/v4.0.2nvd

News mentions

No linked articles in our index yet.

cvss	0.384
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000