Description

Graylog is a free and open log management platform. Starting with 6.1, HTTP Inputs can be configured to check if a specified header is present and has a specified value to authenticate HTTP-based ingestion. Unfortunately, even though in cases of a missing header or a wrong value the correct HTTP response (401) is returned, the message will be ingested nonetheless. To mitigate the vulnerability, disable http-based inputs and allow only authenticated pull-based inputs. This vulnerability is fixed in 6.1.9.

INFO

Published Date :

2025-04-07T14:37:58.071Z

Last Modified :

2025-04-08T19:02:45.783Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-30373 vulnerability.

Vendors Products
Graylog
  • Graylog
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-30373.

URL Resource
https://github.com/Graylog2/graylog2-server/commit/31bc13d3cd6f550ec83473d0f8666cd3ebf50f10 cve-icon cve-icon
https://github.com/Graylog2/graylog2-server/security/advisories/GHSA-q7g5-jq6p-6wvx cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact