Home > Vulnerability Database > CVE-2025-53106

Mend.io Vulnerability Database

CVE-2025-53106

Good to know:

Date: July 2, 2025

Graylog users can gain elevated privileges by creating and using API tokens for the local Administrator or any other user for whom the malicious user knows the ID. For the attack to succeed, the attacker needs a user account in Graylog. They can then proceed to issue hand-crafted requests to the Graylog REST API and exploit a weak permission check for token creation.

Severity Score

9.0

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-53106

Url: https://github.com/Graylog2/graylog2-server/security/advisories/GHSA-3m86-c9x3-vwm9

Url: https://github.com/Graylog2/graylog2-server

Url: https://github.com/Graylog2/graylog2-server/commit/6936bd16a783c2944a3d2f1e83902062520f90e3

Url: https://github.com/Graylog2/graylog2-server/commit/9215b8f1fd32566c31e6f7447ed864df3590c157

Url: https://www.mend.io/vulnerability-database/CVE-2025-53106

Severity Score

9.0

Weakness Type (CWE)

Improper Authorization

CWE-285

Top Fix

Upgrade Version

Upgrade to version org.graylog2:graylog2-server:6.2.4;https://github.com/Graylog2/graylog2-server.git - 6.2.4

Learn More

CVSS v3.1

Base Score:	9.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-53106

Good to know:

Date: July 2, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?