icon

We found results for “

CVE-2025-30373

Good to know:

icon
icon

Date: April 7, 2025

Graylog is a free and open log management platform. Starting with 6.1, HTTP Inputs can be configured to check if a specified header is present and has a specified value to authenticate HTTP-based ingestion. Unfortunately, even though in cases of a missing header or a wrong value the correct HTTP response (401) is returned, the message will be ingested nonetheless. To mitigate the vulnerability, disable http-based inputs and allow only authenticated pull-based inputs. This vulnerability is fixed in 6.1.9.

Severity Score

Severity Score

Weakness Type (CWE)

Improper Authorization

CWE-285

Top Fix

icon

Upgrade Version

Upgrade to version org.graylog2:graylog2-server:6.1.9;https://github.com/Graylog2/graylog2-server.git - 6.1.9

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): LOW
Availability (A): LOW

Do you need more information?

Contact Us