GMOD Apollo
Plan Patch · CVSS 9.8 · ICS-CERT ICSA-25-063-07 · Mar 4, 2025
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
GMOD Apollo versions prior to 2.8.0 contain multiple vulnerabilities including authentication bypass (CWE-306), privilege escalation (CWE-266), path traversal (CWE-23), and information disclosure (CWE-209). An unauthenticated attacker on the network can exploit these flaws to escalate privileges, bypass access controls, upload malicious files, or access sensitive information without valid credentials.
What this means
What could happen
An attacker could gain complete control of Apollo without a valid password, potentially altering critical game server settings, uploading malicious content, or accessing sensitive information. If Apollo is integrated into operational processes (logging, monitoring, or automation), this could disrupt those functions.
Who's at risk
Organizations running GMOD Apollo game servers or any system that depends on Apollo for configuration, logging, or automation should prioritize this update. This affects gaming infrastructure, streaming platforms, and any environment where Apollo is used for player management or server administration.
How it could be exploited
An attacker on the network sends a crafted request to the Apollo web interface that bypasses authentication checks and exploits path traversal or privilege escalation flaws. Having bypassed authentication, the attacker can upload files or modify configuration through unauthenticated endpoints.
Prerequisites
- Network access to the Apollo web interface port
- No valid credentials required due to authentication bypass
- Apollo version earlier than 2.8.0
Tags: remotely exploitable, no authentication required, low complexity, critical CVSS (9.8), authentication bypass, privilege escalation
Exploitability
Unlikely to be exploited — EPSS score 0.4%
Affected products (1)
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| Apollo: <2.8.0 | <2.8.0 | 2.8.0 |
Remediation & Mitigation
Do now
- WORKAROUND: Restrict network access to the Apollo web interface to authorized IP addresses only using firewall rules
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update Apollo to version 2.8.0 or later
Long-term hardening
- HARDENING: Place Apollo behind a VPN or jump server to minimize direct Internet exposure
- HARDENING: Isolate Apollo from the business network if it does not need to communicate with office systems