Description

OpenSearch Data Prepper as an open source data collector for observability data. In versions prior to 2.12.2, the OpenSearch sink and source plugins in Data Prepper trust all SSL certificates by default when no certificate path is provided. Prior to this fix, the OpenSearch sink and source plugins would automatically use a trust all SSL strategy when connecting to OpenSearch clusters if no certificate path was explicitly configured. This behavior bypasses SSL certificate validation, potentially allowing attackers to intercept and modify data in transit through man-in-the-middle attacks. The vulnerability affects connections to OpenSearch when the cert parameter is not explicitly provided. This issue has been patched in version 2.12.2. As a workaround, users can add the cert parameter to their OpenSearch sink or source configuration with the path to the cluster's CA certificate.

INFO

Published Date :

2025-10-15T17:25:43.428Z

Last Modified :

2025-10-15T18:13:42.168Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-62371 vulnerability.

Vendors Products
Amazon
  • Opensearch Data Prepper
Opensearch
  • Opensearch
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-62371.

URL Resource
https://github.com/opensearch-project/data-prepper/commit/98fcf0d0ff9c18f1f7501e11dbed918814724b99 cve-icon cve-icon
https://github.com/opensearch-project/data-prepper/commit/b0386a5af3fb71094ba6c86cd8b2afc783246599 cve-icon cve-icon
https://github.com/opensearch-project/data-prepper/commit/db11ce8f27ebca018980b2bca863f7173de9ce56 cve-icon cve-icon
https://github.com/opensearch-project/data-prepper/security/advisories/GHSA-43ff-rr26-8hx4 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact