exploitDog

CVE-2025-37730

Опубликовано: 06 мая 2025

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

Improper certificate validation in Logstash's TCP output could lead to a man-in-the-middle (MitM) attack in “client” mode, as hostname verification in TCP output was not being performed when the ssl_verification_mode => full was set.

Ссылки

https://discuss.elastic.co/t/logstash-8-17-6-8-18-1-and-9-0-1-security-update-esa-2025-08/377869

EPSS

Процентиль: 7%

0.00028

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-295

Связанные уязвимости

CVE-2025-37730

CVSS3: 6.5

debian

9 месяцев назад

Improper certificate validation in Logstash's TCP output could lead to ...

GHSA-qrf7-ph5v-mj2v

CVSS3: 6.5

github

9 месяцев назад

Improper certificate validation in Logstash's TCP output could lead to a man-in-the-middle (MitM) attack in “client” mode, as hostname verification in TCP output was not being performed when the ssl_verification_mode => full was set.

EPSS

Процентиль: 7%

0.00028

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-295