Private Data Structure Returned From A Public Method

CVE-2025-29868

Medium

4.8/10

Summary

Private Data Structure Returned from a Public Method vulnerability in Apache Answer. This issue affects Apache Answer versions through 1.4.2. If a user uses an externally referenced image, when a user accesses this image, the provider of the image may obtain private information about the IP address of that accessing user. Users are recommended to upgrade to version 1.4.5, which fixes the issue. In the new version, administrators can set whether external content can be displayed.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-495 - Private Data Structure Returned From A Public Method

The product has a method that is declared public, but returns a reference to a private data structure, which could then be modified in unexpected ways.

References

Advisory Timeline

Published Apr 01, 2025

Private Data Structure Returned From A Public Method

CVE-2025-29868

Summary

CWE-495 - Private Data Structure Returned From A Public Method

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS