Vulnerability Description
Private Data Structure Returned From A Public Method vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.2. If a user uses an externally referenced image, when a user accesses this image, the provider of the image may obtain private information about the ip address of that accessing user. Users are recommended to upgrade to version 1.4.5, which fixes the issue. In the new version, administrators can set whether external content can be displayed.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Answer | <= 1.4.2 |
Related Weaknesses (CWE)
References
- https://lists.apache.org/thread/l7pohw5g03g3qsvrz8pqc9t29mdv5lhfMailing ListVendor Advisory
- http://www.openwall.com/lists/oss-security/2025/04/01/2Mailing List
- http://www.openwall.com/lists/oss-security/2025/04/02/1Mailing List
- http://www.openwall.com/lists/oss-security/2025/04/10/3Mailing List
FAQ
What is CVE-2025-29868?
CVE-2025-29868 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Private Data Structure Returned From A Public Method vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.2. If a user uses an externally referenced image, when a user acces...
How severe is CVE-2025-29868?
CVE-2025-29868 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-29868?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Answer.