CVE-2025-37730

Summary

Improper certificate validation in Logstash's TCP output could lead to a man-in-the-middle (MitM) attack in “client” mode, as hostname verification in TCP output was not being performed when the ssl_verification_mode => full was set.

Affected Software

VendorProductVersion RangeStatus
ElasticLogstash8.0.0 < 8.17.6affected
ElasticLogstash8.18.0 < 8.18.1affected
ElasticLogstash9.0.0 < 9.0.1affected

Weaknesses

  • CWE-295: CWE-295

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References