Strix
26.1K

CVE-2025-23196

HIGHCVSS 8.8/10EPSS 1.24%

Last modified

CVE-2025-23196 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. A code injection vulnerability exists in the Ambari Alert Definition feature, allowing authenticated users to inject and execute arbitrary shell commands. The vulnerability arises when defining alert scripts, where the script filename field is executed using `sh -c`. EPSS estimates a 1.24% chance of exploitation in the next 30 days.

Description

A code injection vulnerability exists in the Ambari Alert Definition feature, allowing authenticated users to inject and execute arbitrary shell commands. The vulnerability arises when defining alert scripts, where the script filename field is executed using `sh -c`. An attacker with authenticated access can exploit this vulnerability to inject malicious commands, leading to remote code execution on the server. The issue has been fixed in the latest versions of Ambari.

Metrics

CVSS 3.1
8.8/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
1.24%

65.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
ApacheAmbari< 2.7.9

References

Timeline

Published
Last Modified
Status
Analyzed

Frequently Asked Questions

What is CVE-2025-23196?
A code injection vulnerability exists in the Ambari Alert Definition feature, allowing authenticated users to inject and execute arbitrary shell commands. The vulnerability arises when defining alert scripts, where the script filename field is executed using `sh -c`. An attacker with authenticated access can exploit this vulnerability to inject malicious commands, leading to remote code execution on the server. The issue has been fixed in the latest versions of Ambari.
How severe is CVE-2025-23196?
CVE-2025-23196 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 1.24% probability of exploitation in the next 30 days.
How do I fix CVE-2025-23196?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-23196?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST