CVE-2025-29868

6.5 MEDIUM

📋 TL;DR

This vulnerability in Apache Answer allows external image providers to obtain the IP addresses of users who view their images. It affects all Apache Answer installations through version 1.4.2. The issue occurs when users access externally referenced images, leaking private user information to third parties.

💻 Affected Systems

Products:
  • Apache Answer
Versions: through 1.4.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerable when external images are referenced and accessed by users. The vulnerability exists in the default configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Mass collection of user IP addresses by malicious actors, enabling targeted attacks, profiling, or correlation with other data breaches.

🟠 Likely Case

External image providers (including potential attackers) can track which users access specific content, compromising user privacy.

🟢 If Mitigated

Limited to non-sensitive information disclosure if proper network segmentation and privacy controls are implemented.

🌐 Internet-Facing: HIGH - Any internet-facing Apache Answer instance with external images enabled exposes user IP addresses to third parties.
🏢 Internal Only: MEDIUM - Internal users' IP addresses could still be exposed to external image providers if they access such content.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires an attacker to host an external image that users access through the vulnerable Apache Answer instance.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.4.5

Vendor Advisory: https://lists.apache.org/thread/l7pohw5g03g3qsvrz8pqc9t29mdv5lhf

Restart Required: Yes

Instructions:

1. Download Apache Answer 1.4.5 from official sources.
2. Backup current installation and data.
3. Replace with new version files.
4. Restart the Apache Answer service.
5. Configure external content settings as needed.

🔧 Temporary Workarounds

Disable External Images

all

Configure Apache Answer to block or not display externally referenced images

Configure in admin settings: Set 'Allow external images' to false

Network Filtering

all

Block outbound requests to external image hosts at network level

Configure firewall rules to block image requests to untrusted domains

🧯 If You Can't Patch

  • Implement a strict Content Security Policy to block external image loading
  • Use a reverse proxy to strip or rewrite external image URLs before they reach Apache Answer

🔍 How to Verify

Check if Vulnerable:

Check the Apache Answer version in the admin panel or configuration files. Versions 1.4.2 and below are vulnerable.

Check Version:

Check the version in the web interface admin panel, or examine the configuration files for version information.

Verify Fix Applied:

Verify that the version is 1.4.5 or later, and test that external images are properly controlled via admin settings.

📡 Detection & Monitoring

Log Indicators:

  • Outbound requests to external image hosts from Apache Answer server
  • User access logs showing external image URLs

Network Indicators:

  • HTTP requests from Apache Answer server to external image domains
  • DNS queries for external image hosts

SIEM Query:

source="apache-answer" AND (url CONTAINS "http://" OR url CONTAINS "https://") AND (url CONTAINS ".jpg" OR url CONTAINS ".png" OR url CONTAINS ".gif")
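
To see which third-party hosts stored content already points at, the sketch below audits post bodies for externally referenced images. It is an added example, not Apache Answer code. It assumes posts have been exported as a mapping of post id to raw Markdown/HTML text; the function names, `answer.example.com` and the sample posts are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Markdown image: ![alt](url "optional title")
MD_IMG = re.compile(r'!\[[^\]]*\]\(\s*<?([^\s)>]+)')
# HTML image: <img ... src=url> with double, single or no quotes
HTML_IMG = re.compile(r'<img\b[^>]*?\bsrc\s*=\s*["\']?([^"\'\s>]+)', re.IGNORECASE)

def image_urls(body):
    """Return every image URL referenced in one post body."""
    return MD_IMG.findall(body) + HTML_IMG.findall(body)

def external_host(url, site_host):
    """Return the third-party host a URL points to, or None if same-origin."""
    parts = urlsplit(url)
    if parts.scheme not in ("", "http", "https"):
        return None  # data:, blob: and similar trigger no third-party request
    host = (parts.hostname or "").lower()
    if not host or host == site_host.lower():
        return None  # relative path or the site's own host
    return host

def audit(posts, site_host):
    """Map each external image host to the sorted ids of posts embedding it."""
    hits = defaultdict(set)
    for post_id, body in posts.items():
        for url in image_urls(body):
            host = external_host(url, site_host)
            if host:
                hits[host].add(post_id)
    return {host: sorted(ids) for host, ids in hits.items()}

# Constructed sample content (hypothetical export: post id -> raw body)
SAMPLE_POSTS = {
    101: 'See ![diagram](https://img.example.org/d.png "arch") and ![local](/uploads/a.png)',
    102: '<p><img alt="t" src="//cdn.example.net/pixel.gif"></p>',
    103: "![inline](data:image/png;base64,AAAA) ![self](https://answer.example.com/uploads/b.png)",
    104: "![again](HTTPS://IMG.example.org/e.png)",
}

if __name__ == "__main__":
    for host, ids in sorted(audit(SAMPLE_POSTS, "answer.example.com").items()):
        print(f"{host}: posts {ids}")
```

The resulting host list shows which posts would cause viewers' browsers to contact a third party, and can feed a review before external images are disabled or allowed in admin settings.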
