CVE-2025-8415

Published: Aug 20, 2025

Modified: Dec 23, 2025

PUBLISHED

CVSS v3.1

5.9

MEDIUM

Description

A vulnerability was found in the Cryostat HTTP API. Cryostat's HTTP API binds to all network interfaces, allowing possible external visibility and access to the API port if Network Policies are disabled, allowing an unauthenticated, malicious attacker to jeopardize the environment.

Vendor	Product	Versions
Cryostat	Cryostat	affected `0 - < 4.0.2`
Red Hat	Cryostat 4 on RHEL 9	unaffected `0.5.2-3 - < *`
Red Hat	Cryostat 4 on RHEL 9	unaffected `4.0.2-3 - < *`
Red Hat	Cryostat 4 on RHEL 9	unaffected `4.0.2-3 - < *`
Red Hat	Cryostat 4 on RHEL 9	unaffected `4.0.2-3 - < *`
Red Hat	Cryostat 4 on RHEL 9	unaffected `4.0.2-3 - < *`
Red Hat	Cryostat 4 on RHEL 9	unaffected `4.0.2-3 - < *`
Red Hat	Cryostat 4 on RHEL 9	unaffected `4.0.2-3 - < *`
Red Hat	Cryostat 4 on RHEL 9	unaffected `4.0.2-3 - < *`
Red Hat	Cryostat 4 on RHEL 9	unaffected `4.0.2-3 - < *`
Red Hat	Cryostat 4 on RHEL 9	unaffected `4.0.2-3 - < *`
Red Hat	Cryostat 4 on RHEL 9	unaffected `4.0.2-3 - < *`
Red Hat	Cryostat 4	All versions
Red Hat	Cryostat 4	All versions
Red Hat	Cryostat 4	All versions