CVE-2025-9624

Summary

A vulnerability in OpenSearch allows attackers to cause Denial of Service (DoS) by submitting complex query_string inputs.

This issue affects all OpenSearch versions between 3.0.0 and < 3.3.0 and OpenSearch < 2.19.4.

Affected Software

VendorProductVersion RangeStatus
OpenSearchOpenSearch3.0.0 < 3.3.0affected
OpenSearchOpenSearch1.0.0 < 2.19.4affected

Weaknesses

  • CWE-674: CWE-674 Uncontrolled Recursion

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References