CVE-2025-23196: Apache Ambari: Code Injection Vulnerability in Ambari Alert Definition
First published: Tue Jan 21 2025(Updated: )
A code injection vulnerability exists in the Ambari Alert Definition feature, allowing authenticated users to inject and execute arbitrary shell commands. The vulnerability arises when defining alert scripts, where the script filename field is executed using `sh -c`. An attacker with authenticated access can exploit this vulnerability to inject malicious commands, leading to remote code execution on the server. The issue has been fixed in the latest versions of Ambari.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Ambari | < |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/oss-sec
- source/oss-sec
- alias/CVE-2025-23196
- agent/title
- agent/first-publish-date
- agent/weakness
- agent/type
- agent/description
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- agent/author
- agent/references
- agent/trending
- agent/source
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/severity
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- collector/epss-latest
- source/FIRST
- agent/epss
- vendor/apache
- canonical/apache ambari