Logstash Improper Certificate Validation in TCP output (ESA-2025-08)
Improper certificate validation in Logstash's TCP output could lead to a man-in-the-middle (MitM) attack in “client” mode, as hostname verification in TCP output was not being performed when ssl_verification_mode => full was set.
Affected Versions:
All versions prior to 8.17.6, as well as version 8.18.0 and version 9.0.0.
Affected Configurations:
This issue affects the TCP output plugin when run in “client” mode and ssl_verification_mode is set to full (the default).
Solutions and Mitigations:
The issue is resolved in versions 8.17.6, 8.18.1, and 9.0.1.
Alternatively, users may also upgrade the TCP output plugin to 6.2.2 or 7.0.1 by running bin/logstash-plugin update logstash-output-tcp.
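A version triage helper for the ranges above, added here as an example and not part of the Elastic advisory. The function names are hypothetical, the "logstash-output-tcp (x.y.z)" line format of bin/logstash-plugin list --verbose is assumed, and plugin versions below 6.2.2 (or 7.0.0 on the 7.x line) are assumed to lack the fix. It does not inspect whether a pipeline actually uses the TCP output in “client” mode.

```bash
#!/usr/bin/env bash
# Added example: classify Logstash and logstash-output-tcp versions for ESA-2025-08.

# ver_lt A B: true when dotted version A sorts strictly before B (needs GNU sort -V).
ver_lt() {
  [ "$1" != "$2" ] && [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
}

# Logstash releases exactly as listed in the advisory:
# everything before 8.17.6, plus 8.18.0 and 9.0.0.
logstash_affected() {
  case "$1" in
    8.18.0|9.0.0) return 0 ;;
  esac
  ver_lt "$1" "8.17.6"
}

# The advisory names 6.2.2 and 7.0.1 as the fixed plugin releases.
# Assumption: lower versions on the same line, and older majors, lack the fix.
plugin_affected() {
  case "$1" in
    7.*) ver_lt "$1" "7.0.1" ;;
    *)   ver_lt "$1" "6.2.2" ;;
  esac
}

# Read `bin/logstash-plugin list --verbose logstash-output-tcp` output on stdin
# (assumed format: "logstash-output-tcp (6.2.1)") and print the version.
tcp_plugin_version() {
  sed -n 's/^logstash-output-tcp (\([0-9][0-9.]*\)).*/\1/p' | head -n1
}

# Verdict for: logstash_version [plugin_version].
# The plugin version decides when known, because the plugin can be updated
# independently of the Logstash release that bundled it.
esa_2025_08_verdict() {
  if [ -n "${2:-}" ]; then
    if plugin_affected "$2"; then echo "affected"; else echo "fixed"; fi
  elif logstash_affected "$1"; then echo "affected"; else echo "fixed"; fi
}

# Constructed sample line, not captured from a real host.
sample='logstash-output-tcp (6.2.1)'
pv="$(printf '%s\n' "$sample" | tcp_plugin_version)"
echo "Logstash 8.17.5 with logstash-output-tcp $pv: $(esa_2025_08_verdict 8.17.5 "$pv")"
```

On a real host, pipe the output of bin/logstash-plugin list --verbose logstash-output-tcp into tcp_plugin_version and pass the result as the second argument.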
Severity: CVSSv3.1: 5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
CVE ID: CVE-2025-37730