CVE-2025-23196

HIGH

Apache Ambari < 2.7.9 - Command Injection

Title source: rule

Description

A code injection vulnerability exists in the Ambari Alert Definition feature, allowing authenticated users to inject and execute arbitrary shell commands. The vulnerability arises when defining alert scripts, where the script filename field is executed using `sh -c`. An attacker with authenticated access can exploit this vulnerability to inject malicious commands, leading to remote code execution on the server. The issue has been fixed in the latest versions of Ambari.

References (2)

[Vendor Advisory] https://lists.apache.org/thread/70g1l5lxvko7kvhyxmtmklhhfrlon837

[Mailing List, Vendor Advisory] http://www.openwall.com/lists/oss-security/2025/01/21/8

Scores

CVSS v3 8.8

EPSS 0.0119

EPSS Percentile 78.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-77

Status published

Affected Products (1)

apache/ambari < 2.7.9

Timeline

Published Jan 21, 2025

Tracked Since Feb 18, 2026