CVE-2025-9624

A vulnerability in OpenSearch allows attackers to cause Denial of Service (DoS) by submitting complex query_string inputs. This issue affects all OpenSearch versions between 3.0.0 and < 3.3.0 and OpenSearch < 2.19.4.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://fluidattacks.com/advisories/chick	Exploit Third Party Advisory
https://github.com/opensearch-project/OpenSearch/releases/tag/2.19.4
https://github.com/opensearch-project/OpenSearch/releases/tag/3.3.0

Configurations

Configuration 1 (hide)

cpe:2.3:a:amazon:opensearch:*:*:*:*:*:*:*:*

History

15 Dec 2025, 14:15

Type	Values Removed	Values Added
Summary	~~(en) A vulnerability in OpenSearch allows attackers to cause Denial of Service (DoS) by submitting complex query_string inputs. This issue affects all OpenSearch versions below 3.2.0.~~	(en) A vulnerability in OpenSearch allows attackers to cause Denial of Service (DoS) by submitting complex query_string inputs. This issue affects all OpenSearch versions between 3.0.0 and < 3.3.0 and OpenSearch < 2.19.4.
References	~~{'url': 'https://opensearch.org/blog/explore-opensearch-3-3/', 'tags': ['Release Notes'], 'source': 'help@fluidattacks.com'}~~	() https://github.com/opensearch-project/OpenSearch/releases/tag/2.19.4 - () https://github.com/opensearch-project/OpenSearch/releases/tag/3.3.0 -
References	~~() https://fluidattacks.com/advisories/chick - Third Party Advisory, Exploit~~	() https://fluidattacks.com/advisories/chick - Exploit, Third Party Advisory

02 Dec 2025, 15:34

Type	Values Removed	Values Added
References	~~() https://fluidattacks.com/advisories/chick -~~	() https://fluidattacks.com/advisories/chick - Third Party Advisory, Exploit
References	~~() https://opensearch.org/blog/explore-opensearch-3-3/ -~~	() https://opensearch.org/blog/explore-opensearch-3-3/ - Release Notes
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
CPE		cpe:2.3:a:amazon:opensearch::::::::
First Time		Amazon opensearch Amazon

25 Nov 2025, 20:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-11-25 20:16

Updated : 2025-12-15 14:15

NVD link : CVE-2025-9624

Mitre link : CVE-2025-9624

CVE.ORG link : CVE-2025-9624

JSON object : View

Products Affected

amazon

opensearch

CWE

CWE-674

Uncontrolled Recursion

7.5 /10