CVE-2025-37730

Improper certificate validation in Logstash's TCP output could lead to a man-in-the-middle (MitM) attack in “client” mode, as hostname verification in TCP output was not being performed when the ssl_verification_mode => full was set.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://discuss.elastic.co/t/logstash-8-17-6-8-18-1-and-9-0-1-security-update-esa-2025-08/377869

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
References	~~() https://discuss.elastic.co/t/logstash-8-17-6-8-18-1-and-9-0-1-security-update-esa-2025-08/377869 -~~	() https://discuss.elastic.co/t/logstash-8-17-6-8-18-1-and-9-0-1-security-update-esa-2025-08/377869 -

07 May 2025, 14:13

Type	Values Removed	Values Added
Summary		(es) Una validación incorrecta del certificado en la salida TCP de Logstash podría provocar un ataque de intermediario (MitM) en modo “client”, ya que no se estaba realizando la verificación del nombre de host en la salida TCP cuando se configuraba ssl_verification_mode => full.

06 May 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-06 18:15

Updated : 2026-06-17 09:15

NVD link : CVE-2025-37730

Mitre link : CVE-2025-37730

CVE.ORG link : CVE-2025-37730

JSON object : View

Products Affected

No product.

CWE

CWE-295

Improper Certificate Validation

{"id": "CVE-2025-37730", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2025-37730", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-06T17:51:38.262496Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "security@elastic.co", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.2, "exploitabilityScore": 2.2}]}, "affected": [{"source": "security@elastic.co", "affectedData": [{"repo": "https://github.com/elastic/logstash", "vendor": "Elastic", "product": "Logstash", "versions": [{"status": "affected", "version": "8.0.0", "lessThan": "8.17.6", "versionType": "semver"}, {"status": "affected", "version": "8.18.0", "lessThan": "8.18.1", "versionType": "semver"}, {"status": "affected", "version": "9.0.0", "lessThan": "9.0.1", "versionType": "semver"}], "defaultStatus": "unaffected"}]}], "published": "2025-05-06T18:15:38.410", "references": [{"url": "https://discuss.elastic.co/t/logstash-8-17-6-8-18-1-and-9-0-1-security-update-esa-2025-08/377869", "source": "security@elastic.co"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "security@elastic.co", "description": [{"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "Improper certificate validation in Logstash's TCP output could lead to a man-in-the-middle (MitM) attack in \u201cclient\u201d mode, as hostname verification in TCP output was not being performed when the ssl_verification_mode => full was set."}, {"lang": "es", "value": "Una validaci\u00f3n incorrecta del certificado en la salida TCP de Logstash podr\u00eda provocar un ataque de intermediario (MitM) en modo \u201cclient\u201d, ya que no se estaba realizando la verificaci\u00f3n del nombre de host en la salida TCP cuando se configuraba ssl_verification_mode => full."}], "lastModified": "2026-06-17T09:15:19.850", "sourceIdentifier": "security@elastic.co"}