Unauthorized API Access in Cryostat by Red Hat
CVE-2025-8415

5.9 MEDIUM

Key Information:

Vendor: Red Hat
CVE Published: 20 August 2025

What is CVE-2025-8415?

A security misconfiguration has been identified in the Cryostat HTTP API: the API binds to all network interfaces. When Network Policies are disabled, the API port can therefore be visible and reachable from outside the intended network boundary. This allows an unauthenticated attacker to access the API, potentially compromising the entire environment. Organizations using affected versions of Cryostat should review their network security settings and implement proper policies to mitigate the risk.

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
