CVE-2025-47244: CSRF
First published: Sat May 03 2025(Updated: )
Inedo ProGet through 2024.22 allows remote attackers to reach restricted functionality through the C# reflection layer, as demonstrated by causing a denial of service (when an attacker executes a loop calling RestartWeb) or obtaining potentially sensitive information. Exploitation can occur if Anonymous access is enabled, or if there is a successful CSRF attack.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Inedo ProGet | <=2024.22 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-47244?
CVE-2025-47244 is considered a high-severity vulnerability due to the potential for remote exploitation and denial of service.
How do I fix CVE-2025-47244?
To fix CVE-2025-47244, upgrade Inedo ProGet to a version later than 2024.22.
What types of attacks can be executed through CVE-2025-47244?
CVE-2025-47244 allows remote attackers to cause denial of service or access potentially sensitive information.
Is my Inedo ProGet installation vulnerable to CVE-2025-47244?
If you are using Inedo ProGet version 2024.22 or earlier, your installation is vulnerable to CVE-2025-47244.
What impact does CVE-2025-47244 have on data security?
CVE-2025-47244 can lead to unauthorized access to sensitive information, compromising data security.
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/description
- agent/first-publish-date
- agent/type
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/event
- collector/epss-latest
- source/FIRST
- agent/source
- agent/tags
- agent/epss
- vendor/inedo
- canonical/inedo proget