{"schema_version": "1.6.1", "id": "CVE-2025-47410", "summary": "CSRF attacks through GET requests to the Management and Monitoring REST API that can execute gfsh commands on the target system", "details": "Apache Geode is vulnerable to CSRF attacks through GET requests to the Management and Monitoring REST API that could allow an attacker who has tricked a user into giving up their Geode session credentials to submit malicious commands on the target system on behalf of the authenticated user.\n\n\nThis issue affects Apache Geode: versions 1.10 through 1.15.1\n\nUsers are recommended to upgrade to version 1.15.2, which fixes the issue.", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "1.10.0"}, {"fixed": "1.15.2"}]}]}], "references": [{"type": "WEB", "url": "https://lists.apache.org/thread/k88tv3rhl4ymsvt4h6qsv7sq10q5prrt"}]}