CVE-2025-29868
Apache Answer: Using externally referenced images can leak user privacy.Private Data Structure Returned From A Public Method vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.2. If a user uses an externally referenced image, when a user accesses this image, the provider of the image may obtain private information about the ip address of that accessing user. Users are recommended to upgrade to version 1.4.5, which fixes the issue. In the new version, administrators can set whether external content can be displayed.
We have discovered 3 live websites that are affected by CVE-2025-29868.
Affected Software
| Product | |
| Category | Help desk |
| Vulnerable Domains | 3 live websites (38% of Apache Answer install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 1 versions ( 33% of all versions) |
Common Weakness Enumeration
CWE-495 Private Data Structure Returned From A Public MethodDetails
- Published - Apr 1, 2025
- Updated - Apr 10, 2025
Credits
- Hamed Kohi (reporter)
- Luke Smith (reporter)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-29868 United States | 1 websites |
 Czech Republic | 1 websites |
 Singapore | 1 websites |
Website Distribution by TLD
Number of websites using CVE-2025-29868| .com | 2 websites |
| .cz | 1 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-29868
Top websites that are affected by CVE-2025-29868. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *******.com | Singapore | **,***,*** | |
| ******.cz | Czech Republic | **,***,*** | |
| ****.com | United States | ***,***,*** |
FAQ
CVE-2025-29868 is Private Data Structure Returned From A Public Method in Apache Answer
A total of 3 websites have been identified as vulnerable to CVE-2025-29868, based on global website indexing conducted by WebTechSurvey.
The Apache Answer is affected by the CVE-2025-29868 vulnerability.
Apache Answer versions up to and including 1.4.2 are vulnerable to CVE-2025-29868.