
CVE-2025-47410: Apache Geode: CSRF attacks through GET requests to the Management and Monitoring REST API that can execute gfsh commands on the target system

CVSS Score (CVSS 3.1): 8.8

Basic Information

EPSS Score: 0.00545%
Published: 10/18/2025
Updated: 10/20/2025
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Package Name: org.apache.geode:geode-web
Ecosystem: Maven
Vulnerable Versions: >= 1.10.0, < 1.15.2
First Patched Version: 1.15.2

Vulnerability Intelligence

Root Cause Analysis

The vulnerability described is a Cross-Site Request Forgery (CSRF) in the Apache Geode Management and Monitoring REST API. The provided commit 570990909e6fd1e491f01471ad30ee3c2dbff72c directly addresses this issue. The patch modifies the ShellCommandsController.java file, specifically changing the @RequestMapping annotation for the command method. Previously, the endpoint /management/commands accepted both GET and POST requests. The patch removes RequestMethod.GET, restricting the endpoint to only RequestMethod.POST. This is a standard and effective mitigation for CSRF vulnerabilities, as it prevents attackers from executing commands through malicious URLs that trigger GET requests. Therefore, the command function within the ShellCommandsController is the vulnerable function, as it was the entry point for the CSRF attack.

Vulnerable functions

org.apache.geode.management.internal.web.controllers.ShellCommandsController.command
geode-web/src/main/java/org/apache/geode/management/internal/web/controllers/ShellCommandsController.java
The `command` function was vulnerable to Cross-Site Request Forgery (CSRF) because it accepted GET requests. An attacker could craft a malicious URL that, when clicked by an authenticated user, would execute arbitrary commands on the Geode system. The patch mitigates this by restricting the endpoint to only accept POST requests, which prevents simple CSRF attacks via malicious links.
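Because the pre-1.15.2 endpoint honoured GET, an exploitation attempt leaves a GET to /management/commands in the web server's access log, which is where a defender can look for it both before and after patching. The following is an added example (not Miggo's or Apache Geode's code) that triages such log lines: it assumes combined log format, assumes the gfsh command travels in a `cmd` query parameter (the page only names the path), and uses constructed sample lines; `trusted_hosts` is the set of origins your own operators legitimately browse the API from.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines in combined log format (not real traffic).
# Line 1: GET from the console's own host (unpatched server, needs review).
# Line 2: GET executed with a referer outside the trusted hosts (CSRF pattern).
# Line 3: POST from gfsh, the legitimate client; not flagged.
# Line 4: same GET after patching to 1.15.2; the server now answers 405.
SAMPLE_LOG = """\
203.0.113.7 - admin [18/Oct/2025:10:01:02 +0000] "GET /management/commands?cmd=list+members HTTP/1.1" 200 512 "http://geode.internal:7070/management/" "Mozilla/5.0"
198.51.100.9 - admin [18/Oct/2025:10:02:15 +0000] "GET /management/commands?cmd=shutdown HTTP/1.1" 200 88 "http://evil.example/lure.html" "Mozilla/5.0"
203.0.113.7 - admin [18/Oct/2025:10:03:40 +0000] "POST /management/commands HTTP/1.1" 200 512 "http://geode.internal:7070/management/" "gfsh/1.15.2"
198.51.100.9 - admin [18/Oct/2025:10:04:01 +0000] "GET /management/commands?cmd=shutdown HTTP/1.1" 405 0 "http://evil.example/lure.html" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Path of the ShellCommandsController.command endpoint named on the page.
COMMAND_PATH = "/management/commands"


def analyse(log_text, trusted_hosts):
    """Return one finding per GET request that reached the gfsh command endpoint."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["target"])
        if m["method"] != "GET" or parts.path != COMMAND_PATH:
            continue  # POSTs and other paths are not the CVE-2025-47410 pattern
        # 'cmd' is an assumed parameter name; the page only names the path.
        cmd = parse_qs(parts.query).get("cmd", ["<none>"])[0]
        ref_host = urlsplit(m["referer"]).hostname  # None for "-" or a bare value
        cross_site = ref_host is not None and ref_host not in trusted_hosts
        status = int(m["status"])
        if status == 405:
            verdict = "blocked"       # patched server refuses GET on this endpoint
        elif cross_site:
            verdict = "likely-csrf"   # command executed, page came from elsewhere
        else:
            verdict = "review"        # executed via GET; server is still unpatched
        findings.append({"ip": m["ip"], "user": m["user"], "cmd": cmd,
                         "status": status, "referer": m["referer"],
                         "verdict": verdict})
    return findings
```

A "review" or "likely-csrf" verdict on a 2xx response means the server was below 1.15.2 when the request arrived; a run that produces only "blocked" entries confirms the patched mapping is in effect.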
