CVE-2025-46547
MEDIUMSherpa Orchestrator 141851 - Cross-Site Request Forgery
Title source: llmDescription
In Sherpa Orchestrator 141851, the web application lacks protection against CSRF attacks, with resultant effects of an attacker conducting XSS attacks, adding a new user or role, or exploiting a SQL injection issue.
References (4)
Core 4
Core References
Not Applicable
https://deiteriy.com
Third Party Advisory
https://gist.github.com/ArtemBrylev/9af206c46d7505db03ad6fcd9fc46f7f
Product
https://sherparpa.com
Not Applicable
https://twitter.com/ArtyomBrylev
Scores
CVSS v3
5.4
EPSS
0.0014
EPSS Percentile
3.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-352
Status
published
Products (1)
sherparpa/sherpa_orchestrator
141851
Published
Apr 25, 2025
Tracked Since
Feb 18, 2026