Geode CLI

by GeodeSDKv3.7.4

Last updated Jun 8, 2026

Command line utilities for working with the Geode SDK

Install with winget

$ winget install --id GeodeSDK.GeodeCLI --exact --version 3.7.4

Run in Command Prompt, PowerShell, or Windows Terminal. Prompts for any agreements.

Built by Pckgr

For Intune admins

Stop chasing app updates. Pckgr patches them for you.

Automated application patching for Microsoft Intune. Pckgr keeps a curated library of 1,000+ apps continuously up-to-date in your tenant via Microsoft Graph - no manual repackaging, no chasing vendor sites.

Start free 30-day trial

No credit card required.

Installers · v3.7.4

Architecture	Type	Scope	Install	Download
x64	ZIP archive	-		Direct

Copy a command tailored to that specific architecture, type, and scope - useful when winget would otherwise pick a different default.

Security

8 known CVEs via NVD

high8.8Patched in wingetCVE-2025-47410affects before 1.15.2Oct 18, 2025
Apache Geode is vulnerable to CSRF attacks through GET requests to the Management and Monitoring REST API that could allow an attacker who has tricked a user into giving up their Geode session credentials to submit malicious commands on the target system on behalf of the authent...
Vendor advisory
medium6.1Patched in wingetCVE-2024-44088affects before 1.15.2Oct 14, 2025
Malicious script injection ('Cross-site Scripting') vulnerability in Apache Geode web-api (REST). This vulnerability allows an attacker that tricks a logged-in user into clicking a specially-crafted link to execute code on the returned page, which could lead to theft of the user...
Vendor advisory
medium5.4Patched in wingetCVE-2022-34870affects <=1.15.0Oct 25, 2022
Apache Geode versions up to 1.15.0 are vulnerable to a Cross-Site Scripting (XSS) via data injection when using Pulse web application to view Region entries.
Vendor advisory
medium6.5Patched in wingetCVE-2022-37023affects before 1.15.0Aug 30, 2022
Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data flaw when using REST API on Java 8 or Java 11. Any user wishing to protect against deserialization attacks involving REST APIs should upgrade to Apache Geode 1.15 and follow the documenta...
Vendor advisory
high8.8Patched in wingetCVE-2022-37022affects <=1.12.2Aug 30, 2022
Apache Geode versions up to 1.12.2 and 1.13.2 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 11. Any user wishing to protect against deserialization attacks involving JMX or RMI should upgrade to Apache Geode 1.15. Use of 1.15 on Java...
Vendor advisory
critical9.8Patched in wingetCVE-2022-37021affects <=1.12.5Aug 30, 2022
Apache Geode versions up to 1.12.5, 1.13.4 and 1.14.0 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 8. Any user still on Java 8 who wishes to protect against deserialization attacks involving JMX or RMI should upgrade to Apache Geode...
Vendor advisory
high7.5Patched in wingetCVE-2021-34797affects >=1.13.0 and <=1.13.4Jan 3, 2022
Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log file redaction of sensitive information flaw when using values that begin with characters other than letters or numbers for passwords and security properties with the prefix "sysprop-", "javax.net.ssl", or "se...
Vendor advisory
critical9.8Patched in wingetCVE-2020-1938affects v1.12.0Feb 24, 2020
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be ex...
Patch Vendor advisory

Source: NVD, updated 2h ago. Patch status is best-effort: NVD's fix version is compared against the latest version in winget, but the two version formats don't always align. Confirm with the vendor advisory before treating any specific build as safe.

See a CVE that affects your fleet? Push the patched version to Intune in one click with Pckgr - automated patching is the only way to keep up.

Frequently asked questions

How do I install Geode CLI on Windows?

Open Windows Terminal, PowerShell, or Command Prompt and run: winget install --id GeodeSDK.GeodeCLI --exact --version 3.7.4. winget downloads the installer from GeodeSDK and runs it. Requires Windows 10 (1809+) or Windows 11.

How do I install Geode CLI silently for unattended deployment?

Add --silent and accept the agreements upfront: winget install --id GeodeSDK.GeodeCLI --exact 3.7.4 --silent --accept-package-agreements --accept-source-agreements. This is the variant Intune, Configuration Manager, and other deployment tools should use.

How do I uninstall Geode CLI via winget?

Run: winget uninstall --id GeodeSDK.GeodeCLI --exact. Add --silent for unattended uninstalls. winget will use the registered uninstaller from Geode CLI's Apps & Features entry.

Is Geode CLI free?

Geode CLI is distributed under BSL-1.0. Refer to the publisher (https://github.com/geode-sdk/cli) for the full license terms - Wingetly itself does not charge for installation.

Does Geode CLI work on Windows 10?

Yes, as long as your Windows 10 build supports winget (1809 or newer). winget ships with App Installer on Windows 10/11 and pulls Geode CLI directly from the publisher.

How do I keep Geode CLI up to date?

Run winget upgrade --id GeodeSDK.GeodeCLI --exact, or winget upgrade --all to update everything winget tracks. We index 10 versions of Geode CLI from microsoft/winget-pkgs.

Recent versions

3.7.4latest
3.7.3
3.7.2
3.7.1
3.7.0
3.6.0
3.4.0
3.0.5
2.11.0
2.7.1