CVE-2025-23196

moderate-risk

Published 2025-01-21

A code injection vulnerability exists in the Ambari Alert Definition feature, allowing authenticated users to inject and execute arbitrary shell commands. The vulnerability arises when defining alert scripts, where the script filename field is executed using `sh -c`. An attacker with authenticated access can exploit this vulnerability to inject malicious commands, leading to remote code execution on the server. The issue has been fixed in the latest versions of Ambari.

Do I need to act?

2.0% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (1)

Ambari

Affected Vendors

Apache

References (2)

Vendor Advisory https://lists.apache.org/thread/70g1l5lxvko7kvhyxmtmklhhfrlon837

Mailing List http://www.openwall.com/lists/oss-security/2025/01/21/8

/ 100

moderate-risk

Severity 30/34 · Critical

Exploitability 5/34 · Minimal

Exposure 5/34 · Minimal