Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-9624

A vulnerability in OpenSearch allows attackers to cause Denial of Service (DoS) by submitting complex query_string inputs. This issue affects all OpenSearch versions between 3.0.0 and < 3.3.0 and OpenSearch < 2.19.4.

Published

2025-11-25T20:16:01.177

Last Modified

2025-12-15T14:15:57.967

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-674

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	amazon	opensearch	< 3.3.0	Yes

References

https://fluidattacks.com/advisories/chick Exploit, Third Party Advisory ([email protected])
https://github.com/opensearch-project/OpenSearch/releases/tag/2.19.4 ([email protected])
https://github.com/opensearch-project/OpenSearch/releases/tag/3.3.0 ([email protected])