CVE-2025-62371: Improper Certificate Validation in Data-prepper

Severity
7.4 HIGH (NVD)
EPSS
0.0%
top 94.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Oct 15

Description

OpenSearch Data Prepper is an open source data collector for observability data. In versions prior to 2.12.2, the OpenSearch sink and source plugins in Data Prepper trust all SSL certificates by default when no certificate path is provided. Prior to this fix, the OpenSearch sink and source plugins would automatically use a trust-all SSL strategy when connecting to OpenSearch clusters if no certificate path was explicitly configured. This behavior bypasses SSL certificate validation, potentially

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploitability: 2.2 | Impact: 5.2

Affected Packages: 2 packages

Patches

Vulnerability Details (3)

GHSA
OpenSearch Data Prepper plugins trust all SSL certificates by default (2025-10-15)
OSV
OpenSearch Data Prepper plugins trust all SSL certificates by default (2025-10-15)
CVEList
OpenSearch Data Prepper plugins trusts all SSL certificates by default (2025-10-15)