PT-2025-17869 · Unknown · Sherpa Orchestrator

Artem Brylev · Published 2025-04-25 · Updated 2025-10-16 · CVE-2025-46547

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Sherpa Orchestrator version 141851

Description

The web application lacks protection against CSRF attacks, allowing an attacker to conduct XSS attacks, add a new user or role, or exploit a SQL injection issue.

Recommendations

For Sherpa Orchestrator version 141851, consider implementing protection against CSRF attacks to prevent exploitation. As a temporary workaround, restrict access to sensitive features that could be exploited through CSRF attacks, such as user or role management. Avoid using the web application for sensitive operations until the CSRF protection issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

CSRF

Weakness Enumeration

Related Identifiers

CVE-2025-46547

Affected Products

Sherpa Orchestrator