Cryostat HTTP API binds to all interfaces, enabling external access
CVE-2025-8415 Published on August 20, 2025

Cryostat: authentication bypass if network policies are disabled
A vulnerability was found in the Cryostat HTTP API. Cryostat's HTTP API binds to all network interfaces, allowing possible external visibility and access to the API port if Network Policies are disabled, allowing an unauthenticated, malicious attacker to jeopardize the environment.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2025-8415 can be exploited with network access, and requires user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

HIGH

Privileges Required:

HIGH

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

NONE

Timeline

2025-07-31

Reported to Red Hat.

2025-08-20

Made public. 20 days later.

Weakness Type

Authentication Bypass by Alternate Name

The software performs authentication based on the name of a resource being accessed, or the name of the actor performing the access, but it does not properly check all possible names for that resource or actor.

Products Associated with CVE-2025-8415

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2025-8415 are published in Red Hat Cryostat:

Red Hat Cryostat

Affected Versions

Cryostat:

Before 4.0.2 is affected.

Red Hat Cryostat 4 on RHEL 9:

Version 0.5.2-3 and below * is unaffected.

Red Hat Cryostat 4 on RHEL 9:

Version 4.0.2-3 and below * is unaffected.

Red Hat Cryostat 4 on RHEL 9:

Version 4.0.2-3 and below * is unaffected.

Red Hat Cryostat 4 on RHEL 9:

Version 4.0.2-3 and below * is unaffected.

Red Hat Cryostat 4 on RHEL 9:

Version 4.0.2-3 and below * is unaffected.

Red Hat Cryostat 4 on RHEL 9:

Version 4.0.2-3 and below * is unaffected.

Red Hat Cryostat 4 on RHEL 9:

Version 4.0.2-3 and below * is unaffected.

Red Hat Cryostat 4 on RHEL 9:

Version 4.0.2-3 and below * is unaffected.

Red Hat Cryostat 4 on RHEL 9:

Version 4.0.2-3 and below * is unaffected.

Red Hat Cryostat 4 on RHEL 9:

Version 4.0.2-3 and below * is unaffected.

Red Hat Cryostat 4 on RHEL 9:

Version 4.0.2-3 and below * is unaffected.

Red Hat Cryostat 4: Red Hat Cryostat 4: Red Hat Cryostat 4:

Exploit Probability

EPSS

0.03%

Percentile

9.08%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Cryostat HTTP API binds to all interfaces, enabling external accessCVE-2025-8415 Published on August 20, 2025

Vulnerability Analysis

Timeline

Weakness Type

Authentication Bypass by Alternate Name

Products Associated with CVE-2025-8415

Affected Versions

Exploit Probability

Cryostat HTTP API binds to all interfaces, enabling external access
CVE-2025-8415 Published on August 20, 2025