Main Vulnerability Database SB2025040768

SB2025040768 - Improper Authentication in Graylog

Published: April 7, 2025 Updated: June 25, 2026

Security Bulletin ID SB2025040768

CSH Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Improper Authentication (CVE-ID: CVE-2025-30373)

CWE-ID: CWE-287 - Improper Authentication

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to bypass HTTP input authentication and inject messages.

The vulnerability exists due to improper authentication in HTTP inputs when handling HTTP-based ingestion requests with a missing or incorrect Authorization header. A remote attacker can send a specially crafted request to bypass HTTP input authentication and inject messages.

The server returns an HTTP 401 response even though the message is still ingested.

Remediation

Install update from vendor's website.

References

https://github.com/Graylog2/graylog2-server/security/advisories/GHSA-q7g5-jq6p-6wvx