CVE-2025-22216

Summary

A UAA configured with multiple identity zones, does not properly validate session information across those zones. A User authenticated against a corporate IDP can re-use their jsessionid to access other zones.

Affected Software

VendorProductVersion RangeStatus
Cloud FoundryCloud Foundry UAA77.20.X < 77.20.2affected
Cloud FoundryCloud Foundry UAA77.2X.0 < 77.25.0affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References