CVE-2025-23196
HIGHApache Ambari < 2.7.9 - Authenticated Remote Code Execution via Alert Script Filename
Title source: llmDescription
A code injection vulnerability exists in the Ambari Alert Definition feature, allowing authenticated users to inject and execute arbitrary shell commands. The vulnerability arises when defining alert scripts, where the script filename field is executed using `sh -c`. An attacker with authenticated access can exploit this vulnerability to inject malicious commands, leading to remote code execution on the server. The issue has been fixed in the latest versions of Ambari.
References (2)
Core 2
Core References
Mailing List, Vendor Advisory
http://www.openwall.com/lists/oss-security/2025/01/21/8
Vendor Advisory vendor-advisory
https://lists.apache.org/thread/70g1l5lxvko7kvhyxmtmklhhfrlon837
Scores
CVSS v3
8.8
EPSS
0.0202
EPSS Percentile
84.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-77
Status
published
Products (1)
apache/ambari
< 2.7.9
Published
Jan 21, 2025
Tracked Since
Feb 18, 2026