What is CVE-2025-8415?

CVE-2025-8415 is a medium-severity vulnerability in Cryostat, classified under CWE-289. CVSS score: 5.9/10. Published 2025-08-20.

How severe is CVE-2025-8415?

Medium severity. CVSS v3 base score is 5.9 out of 10.

Vulnerability in Cryostat

CVE-2025-8415

A vulnerability was found in the Cryostat HTTP API. Cryostat's HTTP API binds to all network interfaces, allowing possible external visibility and access to the API port if Network Policies are disabled, allowing an unauthenticated, malici…

EPSS: 0.001 (16.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.9 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N.

Affected products

Cryostat — versions 0
Red Hat Cryostat 4
Red Hat Cryostat 4 On Rhel 9 — versions 0.5.2-3, 4.0.2-3

Weakness classification (CWE)

CWE-289

References

RHSA-2025:14919 (vendor-advisory, x_refsource_REDHAT)
access.redhat.com/security/cve/CVE-2025-8415 (vdb-entry, x_refsource_REDHAT)
RHBZ#2385773 (issue-tracking, x_refsource_REDHAT)
github.com/cryostatio/cryostat/pull/1001
github.com/cryostatio/cryostat/releases/tag/v4.0.2

Frequently asked questions

What is CVE-2025-8415?: CVE-2025-8415 is a medium-severity vulnerability in Cryostat, classified under CWE-289. CVSS score: 5.9/10. Published 2025-08-20.
How severe is CVE-2025-8415?: Medium severity. CVSS v3 base score is 5.9 out of 10.