Graylog
CVE-2025-30373
Severity: MEDIUM
Severity by source: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Primary rating from GitHub Advisory; only source for this CVE.
CVSS Vector (GitHub Advisory): CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Blast Radius (3)
Ecosystem impact: 5 Maven packages depend on org.graylog2:graylog2-server (5 direct, 0 indirect).
Ecosystem-wide dependent count for version 6.1.0.
Description (GitHub Advisory)
Graylog is a free and open log management platform. Starting with 6.1, HTTP Inputs can be configured to check if a specified header is present and has a specified value to authenticate HTTP-based ingestion. Unfortunately, even though in cases of a missing header or a wrong value the correct HTTP response (401) is returned, the message will be ingested nonetheless. To mitigate the vulnerability, disable HTTP-based inputs and allow only authenticated pull-based inputs. This vulnerability is fixed in 6.1.9.
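The failure mode the advisory describes, as an added example that is not Graylog's code: a minimal HTTP-input handler in Python in which the vulnerable variant computes the correct 401 but still hands the body to the ingestion sink, beside a fail-closed variant that rejects before any side effect, plus a check that exercises either handler with a missing, a wrong and a correct header. The header name, the Request and Sink classes and the token value are constructed for illustration and do not correspond to Graylog's implementation.

```python
from dataclasses import dataclass, field
import hmac


@dataclass
class Request:
    """Constructed stand-in for an inbound HTTP ingestion request."""
    headers: dict
    body: str

    def header(self, name):
        # HTTP header names are case-insensitive, so match accordingly.
        for k, v in self.headers.items():
            if k.lower() == name.lower():
                return v
        return None


@dataclass
class Sink:
    """Constructed in-memory stand-in for the message pipeline."""
    messages: list = field(default_factory=list)

    def ingest(self, body):
        self.messages.append(body)


AUTH_HEADER = "X-Ingest-Token"  # assumed header name, not Graylog's


def header_ok(req, expected):
    """Constant-time comparison of the presented header value with the configured one."""
    value = req.header(AUTH_HEADER)
    return value is not None and hmac.compare_digest(value, expected)


def handle_vulnerable(req, sink, expected):
    """Mirrors the reported defect: the status is correct, but ingestion is not gated on it."""
    status = 200 if header_ok(req, expected) else 401
    sink.ingest(req.body)  # runs regardless of the status computed above
    return status


def handle_fixed(req, sink, expected):
    """Fail closed: reject before any side effect on the pipeline."""
    if not header_ok(req, expected):
        return 401
    sink.ingest(req.body)
    return 200


def check_fail_closed(handler, expected="constructed-secret"):
    """Exercise a handler with missing, wrong and correct headers.

    Returns (statuses, ingested): the HTTP statuses in request order and the
    bodies that reached the sink. A fail-closed handler yields [401, 401, 200]
    and ingests only the authenticated body; the status codes alone do not
    distinguish the two handlers, which is exactly why the defect went unnoticed.
    """
    sink = Sink()
    requests = [
        Request({}, "no header"),
        Request({"x-ingest-token": "wrong"}, "wrong token"),
        Request({AUTH_HEADER: expected}, "good message"),
    ]
    statuses = [handler(r, sink, expected) for r in requests]
    return statuses, list(sink.messages)


if __name__ == "__main__":
    for name, h in (("vulnerable", handle_vulnerable), ("fixed", handle_fixed)):
        statuses, ingested = check_fail_closed(h)
        print(f"{name}: statuses={statuses} ingested={ingested}")
```

The check deliberately returns the sink contents alongside the status codes: both handlers answer 401 to the unauthenticated requests, so a test that only asserts on the response would pass against the vulnerable variant. The same principle applies when verifying a deployment after upgrading: submit a message without the configured header and confirm it is absent from the stored data, rather than stopping at the 401.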
Analysis (AI)
Graylog is a free and open log management platform. Rated medium severity (CVSS 6.5); the vector indicates the flaw is reachable over the network with no privileges required, no user interaction and low attack complexity.
Technical Context (AI)
This vulnerability is classified under CWE-285 (Improper Authorization). The header check on HTTP Inputs determines the HTTP status code but does not gate ingestion: a request with a missing or incorrect header receives a 401 response and its message is still accepted into the pipeline. Affected products include: Graylog.
Remediation (AI)
A vendor patch is available: upgrade to Graylog 6.1.9 or later. Until the update is applied, follow the advisory's mitigation and disable HTTP-based inputs, allowing only authenticated pull-based inputs; network segmentation of the HTTP input endpoints and monitoring for ingested messages that lack the expected header serve as interim mitigations.
Related Graylog advisories:
- Improper session invalidation in Graylog Web Interface 2.2.3 allows attackers to maintain access through expired session
- Graylog is a free and open log management platform. In versions 6.2.0 to before 6.2.4 and 6.3.0-alpha.1 to before 6.3.0-
- Graylog is a free and open log management platform. Rated high severity (CVSS 8.0), this vulnerability is remotely explo
- Graylog 2.2.3 contains an insecure direct object reference (IDOR) vulnerability in its user API endpoint that allows aut
- Reflected XSS in Graylog 2.2.3's web interface allows remote attackers to execute arbitrary JavaScript in a victim's bro
- Graylog Web Interface 2.2.3 contains a reflected XSS vulnerability in the /system/index_sets/ endpoint where unsanitized
- Reflected XSS in Graylog Web Interface version 2.2.3 fails to properly sanitize user-supplied input in the /system/pipel
- Graylog Web Interface 2.2.3 contains a reflected XSS vulnerability in the /alerts/ endpoint where unencoded URL paramete
- Graylog Web Interface 2.2.3 contains a reflected XSS vulnerability in the /system/nodes/ endpoint where unescaped URL pa
Same weakness: CWE-285 – Improper Authorization
Same technique: Authentication Bypass