CNNVD-202510-2097 Information

Oct 15, 2025 cve

CNNVD ID

CNNVD-202510-2097

CVE-2025-62371

  • CNNVD Published: 2025-10-15

Description (Chinese)

OpenSearch Data Prepper是OpenSearch开源的一个 OpenSearch 项目的组件 OpenSearch Data Prepper 2.12.2之前版本存在信任管理问题漏洞,该漏洞源于OpenSearch sink和source插件默认信任所有SSL证书,可能导致中间人攻击。

Description (English)

OpenSearch Data Prepper is a component of OpenSearch open source Before OpenSearch Data Prepper 2.12.2, there was a trust management gap, which originated from OpenSearch link and source plugins defaulting on all SSL certificates, which could lead to attacks by intermediaries.

Hazard Level

High

Vulnerability Type

信任管理问题

Affected Vendor

OpenSearch

Published

2025-10-15

Last Modified

2026-02-24

References

https://github.com/opensearch-project/data-prepper/security/advisories/GHSA-43ff-rr26-8hx4 https://github.com/opensearch-project/data-prepper/commit/db11ce8f27ebca018980b2bca863f7173de9ce56 https://github.com/opensearch-project/data-prepper/commit/b0386a5af3fb71094ba6c86cd8b2afc783246599 https://github.com/opensearch-project/data-prepper/commit/98fcf0d0ff9c18f1f7501e11dbed918814724b99 https://access.redhat.com/security/cve/cve-2025-62371

Patch

https://github.com/opensearch-project/data-prepper/releases

Share on: