Search criteria
2 vulnerabilities found for Server by Alteryx
CVE-2025-15097 (GCVE-0-2025-15097)
Vulnerability from nvd – Published: 2025-12-26 02:32 – Updated: 2025-12-26 19:30
VLAI?
Title
Alteryx Server status improper authentication
Summary
A vulnerability was found in Alteryx Server. Affected by this issue is some unknown functionality of the file /gallery/api/status/. Performing manipulation results in improper authentication. The attack is possible to be carried out remotely. The exploit has been made public and could be used. Upgrading to version 2023.1.1.13.486, 2023.2.1.10.293, 2024.1.1.9.236, 2024.2.1.6.125 and 2025.1.1.1.31 can resolve this issue. Upgrading the affected component is recommended.
Severity ?
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Alteryx | Server |
Affected:
2020.2.3.27789
Affected: 2021.4.2.47895 Affected: 2022.1.1.30961 Affected: 2022.1.1.42707 Affected: 2023.1.1.123 Affected: 2023.1.1.306 Affected: 2023.2.1.51 Affected: 2024.1.1.49 Affected: 2024.1.1.136 Affected: 2024.1.1.209 Affected: 2024.2.1.14 Affected: 2024.2.1.41 Affected: 2024.2.1.73 Affected: 2024.2.1.94 Unaffected: 2023.1.1.13.486 Unaffected: 2023.2.1.10.293 Unaffected: 2024.1.1.9.236 Unaffected: 2024.2.1.6.125 Unaffected: 2025.1.1.1.31 |
Credits
Diyan Apostolov (ICT Strypes)
fosi (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15097",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-26T19:30:44.954905Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-26T19:30:52.340Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Server",
"vendor": "Alteryx",
"versions": [
{
"status": "affected",
"version": "2020.2.3.27789"
},
{
"status": "affected",
"version": "2021.4.2.47895"
},
{
"status": "affected",
"version": "2022.1.1.30961"
},
{
"status": "affected",
"version": "2022.1.1.42707"
},
{
"status": "affected",
"version": "2023.1.1.123"
},
{
"status": "affected",
"version": "2023.1.1.306"
},
{
"status": "affected",
"version": "2023.2.1.51"
},
{
"status": "affected",
"version": "2024.1.1.49"
},
{
"status": "affected",
"version": "2024.1.1.136"
},
{
"status": "affected",
"version": "2024.1.1.209"
},
{
"status": "affected",
"version": "2024.2.1.14"
},
{
"status": "affected",
"version": "2024.2.1.41"
},
{
"status": "affected",
"version": "2024.2.1.73"
},
{
"status": "affected",
"version": "2024.2.1.94"
},
{
"status": "unaffected",
"version": "2023.1.1.13.486"
},
{
"status": "unaffected",
"version": "2023.2.1.10.293"
},
{
"status": "unaffected",
"version": "2024.1.1.9.236"
},
{
"status": "unaffected",
"version": "2024.2.1.6.125"
},
{
"status": "unaffected",
"version": "2025.1.1.1.31"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Diyan Apostolov (ICT Strypes)"
},
{
"lang": "en",
"type": "reporter",
"value": "fosi (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Alteryx Server. Affected by this issue is some unknown functionality of the file /gallery/api/status/. Performing manipulation results in improper authentication. The attack is possible to be carried out remotely. The exploit has been made public and could be used. Upgrading to version 2023.1.1.13.486, 2023.2.1.10.293, 2024.1.1.9.236, 2024.2.1.6.125 and 2025.1.1.1.31 can resolve this issue. Upgrading the affected component is recommended."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-26T02:32:05.819Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-338428 | Alteryx Server status improper authentication",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.338428"
},
{
"name": "VDB-338428 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.338428"
},
{
"name": "Submit #710169 | Alteryx Alteryx Server 2020/2021/2022/2023/2024/2025 Authentication Bypass Issues",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.710169"
},
{
"tags": [
"related"
],
"url": "https://ict-strypes.eu/wp-content/uploads/2025/12/Alteryx-Second-Research.pdf"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/apostolovd/f84631eed2f0c0e83e2e174b1480f08c"
},
{
"tags": [
"patch"
],
"url": "https://help.alteryx.com/release-notes/en/release-notes/server-release-notes/server-2025-1-release-notes.html"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-25T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-12-25T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-12-25T16:23:29.000Z",
"value": "VulDB entry last update"
}
],
"title": "Alteryx Server status improper authentication"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-15097",
"datePublished": "2025-12-26T02:32:05.819Z",
"dateReserved": "2025-12-25T15:16:00.965Z",
"dateUpdated": "2025-12-26T19:30:52.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15097 (GCVE-0-2025-15097)
Vulnerability from cvelistv5 – Published: 2025-12-26 02:32 – Updated: 2025-12-26 19:30
VLAI?
Title
Alteryx Server status improper authentication
Summary
A vulnerability was found in Alteryx Server. Affected by this issue is some unknown functionality of the file /gallery/api/status/. Performing manipulation results in improper authentication. The attack is possible to be carried out remotely. The exploit has been made public and could be used. Upgrading to version 2023.1.1.13.486, 2023.2.1.10.293, 2024.1.1.9.236, 2024.2.1.6.125 and 2025.1.1.1.31 can resolve this issue. Upgrading the affected component is recommended.
Severity ?
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Alteryx | Server |
Affected:
2020.2.3.27789
Affected: 2021.4.2.47895 Affected: 2022.1.1.30961 Affected: 2022.1.1.42707 Affected: 2023.1.1.123 Affected: 2023.1.1.306 Affected: 2023.2.1.51 Affected: 2024.1.1.49 Affected: 2024.1.1.136 Affected: 2024.1.1.209 Affected: 2024.2.1.14 Affected: 2024.2.1.41 Affected: 2024.2.1.73 Affected: 2024.2.1.94 Unaffected: 2023.1.1.13.486 Unaffected: 2023.2.1.10.293 Unaffected: 2024.1.1.9.236 Unaffected: 2024.2.1.6.125 Unaffected: 2025.1.1.1.31 |
Credits
Diyan Apostolov (ICT Strypes)
fosi (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15097",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-26T19:30:44.954905Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-26T19:30:52.340Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Server",
"vendor": "Alteryx",
"versions": [
{
"status": "affected",
"version": "2020.2.3.27789"
},
{
"status": "affected",
"version": "2021.4.2.47895"
},
{
"status": "affected",
"version": "2022.1.1.30961"
},
{
"status": "affected",
"version": "2022.1.1.42707"
},
{
"status": "affected",
"version": "2023.1.1.123"
},
{
"status": "affected",
"version": "2023.1.1.306"
},
{
"status": "affected",
"version": "2023.2.1.51"
},
{
"status": "affected",
"version": "2024.1.1.49"
},
{
"status": "affected",
"version": "2024.1.1.136"
},
{
"status": "affected",
"version": "2024.1.1.209"
},
{
"status": "affected",
"version": "2024.2.1.14"
},
{
"status": "affected",
"version": "2024.2.1.41"
},
{
"status": "affected",
"version": "2024.2.1.73"
},
{
"status": "affected",
"version": "2024.2.1.94"
},
{
"status": "unaffected",
"version": "2023.1.1.13.486"
},
{
"status": "unaffected",
"version": "2023.2.1.10.293"
},
{
"status": "unaffected",
"version": "2024.1.1.9.236"
},
{
"status": "unaffected",
"version": "2024.2.1.6.125"
},
{
"status": "unaffected",
"version": "2025.1.1.1.31"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Diyan Apostolov (ICT Strypes)"
},
{
"lang": "en",
"type": "reporter",
"value": "fosi (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Alteryx Server. Affected by this issue is some unknown functionality of the file /gallery/api/status/. Performing manipulation results in improper authentication. The attack is possible to be carried out remotely. The exploit has been made public and could be used. Upgrading to version 2023.1.1.13.486, 2023.2.1.10.293, 2024.1.1.9.236, 2024.2.1.6.125 and 2025.1.1.1.31 can resolve this issue. Upgrading the affected component is recommended."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-26T02:32:05.819Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-338428 | Alteryx Server status improper authentication",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.338428"
},
{
"name": "VDB-338428 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.338428"
},
{
"name": "Submit #710169 | Alteryx Alteryx Server 2020/2021/2022/2023/2024/2025 Authentication Bypass Issues",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.710169"
},
{
"tags": [
"related"
],
"url": "https://ict-strypes.eu/wp-content/uploads/2025/12/Alteryx-Second-Research.pdf"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/apostolovd/f84631eed2f0c0e83e2e174b1480f08c"
},
{
"tags": [
"patch"
],
"url": "https://help.alteryx.com/release-notes/en/release-notes/server-release-notes/server-2025-1-release-notes.html"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-25T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-12-25T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-12-25T16:23:29.000Z",
"value": "VulDB entry last update"
}
],
"title": "Alteryx Server status improper authentication"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-15097",
"datePublished": "2025-12-26T02:32:05.819Z",
"dateReserved": "2025-12-25T15:16:00.965Z",
"dateUpdated": "2025-12-26T19:30:52.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}