Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-37730

Improper certificate validation in Logstash's TCP output could lead to a man-in-the-middle (MitM) attack in “client” mode, as hostname verification in TCP output was not being performed when the ssl_verification_mode => full was set.

Published

2025-05-06T18:15:38.410

Last Modified

2025-05-07T14:13:20.483

Status

Awaiting Analysis

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-295

Affected Vendors & Products

References

https://discuss.elastic.co/t/logstash-8-17-6-8-18-1-and-9-0-1-security-update-esa-2025-08/377869 ([email protected])