6.5
CVE-2025-37730
- EPSS 0.09%
- Veröffentlicht 06.05.2025 17:29:07
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle security@elastic.co
- CVE-Watchlists
- Unerledigt
Logstash Improper Certificate Validation in TCP output
Improper certificate validation in Logstash's TCP output could lead to a man-in-the-middle (MitM) attack in “client” mode, as hostname verification in TCP output was not being performed when the ssl_verification_mode => full was set.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerElastic
≫
Produkt
Logstash
Default Statusunaffected
Version
8.0.0
Version <
8.17.6
Status
affected
Version
8.18.0
Version <
8.18.1
Status
affected
Version
9.0.0
Version <
9.0.1
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.256 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@elastic.co | 6.5 | 2.2 | 4.2 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
|
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.