{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-37730", "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "state": "PUBLISHED", "assignerShortName": "elastic", "dateReserved": "2025-04-16T03:24:04.510Z", "datePublished": "2025-05-06T17:29:07.189Z", "dateUpdated": "2025-05-06T17:51:59.631Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Logstash", "repo": "https://github.com/elastic/logstash", "vendor": "Elastic", "versions": [{"lessThan": "8.17.6", "status": "affected", "version": "8.0.0", "versionType": "semver"}, {"lessThan": "8.18.1", "status": "affected", "version": "8.18.0", "versionType": "semver"}, {"lessThan": "9.0.1", "status": "affected", "version": "9.0.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p><span style=\"background-color: transparent;\">Improper certificate validation in Logstash's TCP output could lead to a man-in-the-middle (MitM) attack in \u201cclient\u201d mode, as hostname verification in TCP output was not being performed when the </span><span style=\"background-color: transparent;\">ssl_verification_mode =&gt; full</span><span style=\"background-color: transparent;\"> was set.</span></p>"}], "value": "Improper certificate validation in Logstash's TCP output could lead to a man-in-the-middle (MitM) attack in \u201cclient\u201d mode, as hostname verification in TCP output was not being performed when the ssl_verification_mode => full was set."}], "impacts": [{"capecId": "CAPEC-94", "descriptions": [{"lang": "en", "value": "CAPEC-94"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-295", "description": "CWE-295", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "shortName": "elastic", "dateUpdated": "2025-05-06T17:29:07.189Z"}, "references": [{"url": "https://discuss.elastic.co/t/logstash-8-17-6-8-18-1-and-9-0-1-security-update-esa-2025-08/377869"}], "source": {"discovery": "UNKNOWN"}, "title": "Logstash Improper Certificate Validation in TCP output", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-06T17:51:38.262496Z", "id": "CVE-2025-37730", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-06T17:51:59.631Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-37730", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-06T17:51:38.262496Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-06T17:51:42.678Z"}}], "cna": {"title": "Logstash Improper Certificate Validation in TCP output", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-94", "descriptions": [{"lang": "en", "value": "CAPEC-94"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/elastic/logstash", "vendor": "Elastic", "product": "Logstash", "versions": [{"status": "affected", "version": "8.0.0", "lessThan": "8.17.6", "versionType": "semver"}, {"status": "affected", "version": "8.18.0", "lessThan": "8.18.1", "versionType": "semver"}, {"status": "affected", "version": "9.0.0", "lessThan": "9.0.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://discuss.elastic.co/t/logstash-8-17-6-8-18-1-and-9-0-1-security-update-esa-2025-08/377869"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Improper certificate validation in Logstash's TCP output could lead to a man-in-the-middle (MitM) attack in \u201cclient\u201d mode, as hostname verification in TCP output was not being performed when the ssl_verification_mode => full was set.", "supportingMedia": [{"type": "text/html", "value": "<p><span style=\"background-color: transparent;\">Improper certificate validation in Logstash's TCP output could lead to a man-in-the-middle (MitM) attack in \u201cclient\u201d mode, as hostname verification in TCP output was not being performed when the </span><span style=\"background-color: transparent;\">ssl_verification_mode =&gt; full</span><span style=\"background-color: transparent;\"> was set.</span></p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-295", "description": "CWE-295"}]}], "providerMetadata": {"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "shortName": "elastic", "dateUpdated": "2025-05-06T17:29:07.189Z"}}}, "cveMetadata": {"cveId": "CVE-2025-37730", "state": "PUBLISHED", "dateUpdated": "2025-05-06T17:51:59.631Z", "dateReserved": "2025-04-16T03:24:04.510Z", "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "datePublished": "2025-05-06T17:29:07.189Z", "assignerShortName": "elastic"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper certificate validation in Logstash's TCP output could lead to a man-in-the-middle (MitM) attack in \u201cclient\u201d mode, as hostname verification in TCP output was not being performed when the ssl_verification_mode => full was set."}, {"lang": "es", "value": "Una validaci\u00f3n incorrecta del certificado en la salida TCP de Logstash podr\u00eda provocar un ataque de intermediario (MitM) en modo \u201cclient\u201d, ya que no se estaba realizando la verificaci\u00f3n del nombre de host en la salida TCP cuando se configuraba ssl_verification_mode =&gt; full."}], "id": "CVE-2025-37730", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 4.2, "source": "security@elastic.co", "type": "Secondary"}]}, "published": "2025-05-06T18:15:38.410", "references": [{"source": "security@elastic.co", "url": "https://discuss.elastic.co/t/logstash-8-17-6-8-18-1-and-9-0-1-security-update-esa-2025-08/377869"}], "sourceIdentifier": "security@elastic.co", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "security@elastic.co", "type": "Secondary"}]}

{}

{"created": "2025-07-12T15:42:46.394931+00:00", "updated": "2025-07-12T16:01:42.396540+00:00", "vendors": ["elastic", "elastic$PRODUCT$logstash"]}