CVE-2025-46547

Name: CVE-2025-46547
Creator: NVD / NIST
Published: 2025-04-25T03:15:20.43+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6.1/10EPSS 0.15%

Last modified Jun 17, 2026

CVE-2025-46547 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. In Sherpa Orchestrator 141851, the web application lacks protection against CSRF attacks, with resultant effects of an attacker conducting XSS attacks, adding a new user or role, or exploiting a SQL injection issue.. EPSS estimates a 0.15% chance of exploitation in the next 30 days.

Description

In Sherpa Orchestrator 141851, the web application lacks protection against CSRF attacks, with resultant effects of an attacker conducting XSS attacks, adding a new user or role, or exploiting a SQL injection issue.

Metrics

CVSS 3.1

6.1/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS Probability

0.15%

4.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-352

Affected Software

Vendor	Product	Versions
Sherparpa	Sherpa Orchestrator	141851

References

https://deiteriy.comNot Applicable
https://gist.github.com/ArtemBrylev/9af206c46d7505db03ad6fcd9fc46f7fThird Party Advisory
https://sherparpa.comProduct
https://twitter.com/ArtyomBrylevNot Applicable

Timeline

Published: Apr 25, 2025
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2025-46547?

How severe is CVE-2025-46547?

CVE-2025-46547 has a CVSS score of 6.1/10 (MEDIUM severity). The EPSS model estimates a 0.15% probability of exploitation in the next 30 days.

How do I fix CVE-2025-46547?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-46547?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST