Sherparpa Sherpa Orchestrator — known CVE vulnerabilities
Every CVE whose affected-product data names Sherparpa Sherpa Orchestrator, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2025-46544 — CVSS 6.4 (medium): In Sherpa Orchestrator 141851, a low-privileged user can elevate their privileges by creating new users and roles.
CVE-2025-46547 — CVSS 5.4 (medium): In Sherpa Orchestrator 141851, the web application lacks protection against CSRF attacks, with resultant effects of an attacker conducting…
CVE-2025-46545 — CVSS 4.4 (medium): In Sherpa Orchestrator 141851, the functionality for adding or updating licenses allows for stored XSS attacks by an administrator through…
CVE-2025-46546 — CVSS 3.5 (low): In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an authenticated user. This affects…