CVE-2025-46547

Published: Apr 25, 2025Modified: Oct 16, 2025

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

In Sherpa Orchestrator 141851, the web application lacks protection against CSRF attacks, with resultant effects of an attacker conducting XSS attacks, adding a new user or role, or exploiting a SQL injection issue.

Affected (1)

Products: Sherparpa: Sherpa Orchestrator

Sherparpa

1 product

Sherpa Orchestrator

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sherparpa Sherpa Orchestrator	Version 141851

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

https://deiteriy.com

Source: cve@mitre.org

Not Applicable

https://gist.github.com/ArtemBrylev/9af206c46d7505db03ad6fcd9fc46f7f

Source: cve@mitre.org

Third Party Advisory

https://sherparpa.com

Source: cve@mitre.org

Product

https://twitter.com/ArtyomBrylev

Source: cve@mitre.org

Not Applicable

Timeline

No history available yet.