CVE-2025-9624

High CVSS: 8.3

A vulnerability in OpenSearch allows attackers to cause Denial of Service (DoS) by submitting complex query_string inputs.

This issue affects all OpenSearch versions between 3.0.0 and < 3.3.0 and OpenSearch < 2.19.4.

Vendor

Amazon

Product

Opensearch

CWE

CWE-674

Yayın Tarihi

2025-11-25 20:16:01

Güncelleme

2025-12-15 14:15:57

Source Identifier

help@fluidattacks.com

KEV Date Added

Kategoriler

CWE-674 Opensearch HIGH Amazon 2025

Referanslar

https://fluidattacks.com/advisories/chick https://github.com/opensearch-project/OpenSearch/releases/tag/2.19.4 https://github.com/opensearch-project/OpenSearch/releases/tag/3.3.0

Benzer Kayıtlar

High

CVE-2026-3337

Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine au…

High

CVE-2026-3338

Improper signature validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass signature verificatio…

High

CVE-2026-3336

Improper certificate validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass certificate chain v…

Medium

CVE-2026-1386

A UNIX symbolic link following issue in the jailer component in Firecracker version v1.13.1 and earlier and 1.14.0 on L…

High

CVE-2025-14503

An overly-permissive IAM trust policy in the Harmonix on AWS framework may allow IAM principals in the same AWS account…

High

CVE-2025-62371

OpenSearch Data Prepper as an open source data collector for observability data. In versions prior to 2.12.2, the OpenSe…