Data Exposure in Apache Answer Allows Inadvertent Leakage of User Information
CVE-2025-29868

6.5MEDIUM

Key Information:

Vendor: Apache
Status: Apache Answer
Vendor: CVE Published:; 1 April 2025

Summary

A vulnerability in Apache Answer allows private data to be retrieved through a public method, specifically when users access externally referenced images. This can lead to the unintentional exposure of sensitive information, such as the user's IP address, to the image provider. To mitigate this risk, users are advised to update to version 1.4.5, which introduces administrative controls to manage the display of external content.

Affected Version(s)

Apache Answer 0 <= 1.4.2

References

https://lists.apache.org/thread/l7pohw5g03g3qsvrz8pqc9t29...

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 1, 2025
Vulnerability Reserved
Mar 12, 2025

Credit

Hamed Kohi

Luke Smith