CVE-2025-29868
MEDIUMApache Answer <1.4.2 - Info Disclosure
Title source: llmDescription
Private Data Structure Returned From A Public Method vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.2. If a user uses an externally referenced image, when a user accesses this image, the provider of the image may obtain private information about the ip address of that accessing user. Users are recommended to upgrade to version 1.4.5, which fixes the issue. In the new version, administrators can set whether external content can be displayed.
References (4)
Scores
CVSS v3
6.5
EPSS
0.0224
EPSS Percentile
84.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Classification
CWE
CWE-495
Status
published
Affected Products (2)
apache/answer
< 1.4.2
apache/answer
< 1.4.5Go
Timeline
Published
Apr 01, 2025
Tracked Since
Feb 18, 2026