CVE-2025-15097

Summary

A vulnerability was found in Alteryx Server. Affected by this issue is some unknown functionality of the file /gallery/api/status/. Performing manipulation results in improper authentication. The attack is possible to be carried out remotely. The exploit has been made public and could be used. Upgrading to version 2023.1.1.13.486, 2023.2.1.10.293, 2024.1.1.9.236, 2024.2.1.6.125 and 2025.1.1.1.31 can resolve this issue. Upgrading the affected component is recommended.

Affected Software

VendorProductVersion RangeStatus
AlteryxServer2020.2.3.27789affected
AlteryxServer2021.4.2.47895affected
AlteryxServer2022.1.1.30961affected
AlteryxServer2022.1.1.42707affected
AlteryxServer2023.1.1.123affected
AlteryxServer2023.1.1.306affected
AlteryxServer2023.2.1.51affected
AlteryxServer2024.1.1.49affected
AlteryxServer2024.1.1.136affected
AlteryxServer2024.1.1.209affected
AlteryxServer2024.2.1.14affected
AlteryxServer2024.2.1.41affected
AlteryxServer2024.2.1.73affected
AlteryxServer2024.2.1.94affected
AlteryxServer2023.1.1.13.486unaffected
AlteryxServer2023.2.1.10.293unaffected
AlteryxServer2024.1.1.9.236unaffected
AlteryxServer2024.2.1.6.125unaffected
AlteryxServer2025.1.1.1.31unaffected

Weaknesses

  • CWE-287: Improper Authentication

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References