216.73.216.133

CVE-2025-53106

· Published 02/07/2025 14:15 · Modified 03/07/2025 15:13

Labels: CVE-2025-53106 2025-07-02CVE-2025-53106CWE-285[email protected]

Essential information

Published
02/07/2025 14:15
Modified
03/07/2025 15:13
Author
Creator
CVSS
8.8 HIGH (v3) 8.8 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Graylog is a free and open log management platform. In versions 6.2.0 to before 6.2.4 and 6.3.0-alpha.1 to before 6.3.0-rc.2, Graylog users can gain elevated privileges by creating and using API tokens for the local Administrator or any other user for whom the malicious user knows the ID. For the attack to succeed, the attacker needs a user account in Graylog. They can then proceed to issue hand-crafted requests to the Graylog REST API and exploit a weak permission check for token creation. This issue has been patched in versions 6.2.4 and 6.3.0-rc.2. A workaround involves disabling the respective configuration found in System > Configuration > Users > "Allow users to create personal access tokens".

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
graylog / graylog cpe:2.3:a:graylog:graylog:6.2.0-6.2.4:*:*:*:*:*:*:*
graylog / graylog cpe:2.3:a:graylog:graylog:6.3.0-alpha.1-6.3.0-rc.2:*:*:*:*:*:*:*

References