Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-49015

The Couchbase .NET SDK (client library) before 3.7.1 does not properly enable hostname verification for TLS certificates. In fact, the SDK was also using IP addresses instead of hostnames due to a configuration option that was incorrectly enabled by default.

Published

2025-06-18T14:15:44.870

Last Modified

2025-07-09T18:46:32.550

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.9 (MEDIUM)

Weaknesses

Type: Secondary
CWE-297

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	couchbase	.net_sdk	≤ 3.7.1	Yes

References

https://docs.couchbase.com/server/current/release-notes/relnotes.html Release Notes ([email protected])
https://forums.couchbase.com/tags/security Issue Tracking ([email protected])
https://www.couchbase.com/alerts/ Vendor Advisory ([email protected])