CVE-2025-37730

Medium CVSS: 6.5

Improper certificate validation in Logstash's TCP output could lead to a man-in-the-middle (MitM) attack in “client” mode, as hostname verification in TCP output was not being performed when the ssl_verification_mode => full was set.

Vendor

Product

CWE

CWE-295

Yayın Tarihi

2025-05-06 18:15:38

Güncelleme

2025-05-07 14:13:20

Source Identifier

security@elastic.co

KEV Date Added

Kategoriler

CWE-295 MEDIUM 2025

Referanslar

https://discuss.elastic.co/t/logstash-8-17-6-8-18-1-and-9-0-1-security-update-esa-2025-08/377869