CVE-2025-8415 MEDIUM

CVE-2025-8415: Cryostat: authentication bypass if network policies are disabled

Vendor: Cryostat
Product: Cryostat
Weakness: CWE-289
Published: August 20, 2025
Last update: December 23, 2025

CVSS base score

5.9/10
Attack vector: Network
Attack complexity: High
Privileges required: High
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01 Description

A vulnerability was found in the Cryostat HTTP API. Cryostat's HTTP API binds to all network interfaces, so if Network Policies are disabled the API port may be externally visible and accessible, allowing an unauthenticated, malicious attacker to jeopardize the environment.

Key dates

02 Disclosure timeline

August 20, 2025: CVE published
December 23, 2025: Record updated