PT-2025-42650 · Apache · Apache Geode

Published: 2025-10-17 · Updated: 2025-10-28 · CVE-2025-47410

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Apache Geode versions 1.10 through 1.15.1

Description: Apache Geode is susceptible to Cross-Site Request Forgery (CSRF) attacks via GET requests to the Management and Monitoring REST API. Successful exploitation could allow an attacker to execute malicious commands on a target system, acting on behalf of an authenticated user who has been tricked into revealing their Geode session credentials. The vulnerable API allows the execution of gfsh commands.

Recommendations: Upgrade to version 1.15.2 to resolve the issue.
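As an added example (not part of this advisory or of the Geode project), the following script does two things a defender would want from this record: it checks whether a deployed version falls in the affected range stated above, and it scans constructed web-server access-log lines for GET requests to management REST API paths that carry a Referer from another site, which is the shape a CSRF-driven request to this API would take. The path prefixes and the sample log lines are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit

# Assumed path prefixes for the Geode management REST endpoints; adjust to
# whatever your deployment actually exposes (not values from the advisory).
MGMT_PREFIXES = ("/management/", "/geode-mgmt/")

# Combined log format: ip ident user [ts] "METHOD path proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [17/Oct/2025:10:00:01 +0000] "GET /management/v1/members HTTP/1.1" 200 512 "https://geode-admin.example.internal/pulse/" "Mozilla/5.0"
10.0.0.5 - - [17/Oct/2025:10:00:07 +0000] "GET /geode-mgmt/v1/regions HTTP/1.1" 200 88 "https://cross-site.example.net/page.html" "Mozilla/5.0"
10.0.0.9 - - [17/Oct/2025:10:00:09 +0000] "GET /pulse/index.html HTTP/1.1" 200 2048 "https://cross-site.example.net/" "Mozilla/5.0"
10.0.0.5 - - [17/Oct/2025:10:00:12 +0000] "POST /management/v1/regions HTTP/1.1" 201 64 "-" "gfsh/1.15.2"
"""


def is_affected(version: str) -> bool:
    """True for Apache Geode 1.10 through 1.15.1, the range given in the advisory."""
    parts = tuple(int(p) for p in version.split("."))
    parts += (0,) * (3 - len(parts))  # "1.10" -> (1, 10, 0)
    return (1, 10, 0) <= parts <= (1, 15, 1)


def cross_site_mgmt_gets(log_text: str, server_host: str, prefixes=MGMT_PREFIXES):
    """Return (client_ip, path, referer_host) for every GET to a management
    prefix whose Referer names a host other than the Geode server itself."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET" or not m["path"].startswith(prefixes):
            continue
        ref_host = urlsplit(m["referer"]).hostname if m["referer"] != "-" else None
        if ref_host and ref_host != server_host:
            hits.append((m["ip"], m["path"], ref_host))
    return hits


if __name__ == "__main__":
    print("affected:", is_affected("1.15.1"), "fixed:", not is_affected("1.15.2"))
    for hit in cross_site_mgmt_gets(SAMPLE_LOG, "geode-admin.example.internal"):
        print("cross-site management GET:", hit)
```

A hit is a lead for investigation, not proof of exploitation; requests without a Referer are not flagged, so pair this with upgrading to 1.15.2 rather than relying on the log check alone.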

Fix

CSRF


Weakness Enumeration

Related Identifiers

CVE-2025-47410
GHSA-GJP8-99FV-CGCW

Affected Products

Apache Geode