Privilege Escalation Vulnerability in Graylog Log Management Platform
CVE-2025-53106

8.8 HIGH

Key Information:

Vendor

Graylog2

CVE Published:
2 July 2025

What is CVE-2025-53106?

In Graylog versions 6.2.0 to 6.2.3 and 6.3.0-alpha.1 to 6.3.0-rc.1, an authenticated user can escalate privileges through unauthorized API token creation. An attacker who holds any Graylog user account can send specifically crafted requests to the REST API that bypass the server's authorization checks and obtain rights the account was not granted. The issue is fixed in versions 6.2.4 and 6.3.0-rc.2. Until the upgrade is applied, the recommended mitigation is to disable the personal access token feature in the system settings.

Affected Version(s)

graylog2-server >= 6.2.0, < 6.2.4 (fixed in 6.2.4)

graylog2-server >= 6.3.0-alpha.1, < 6.3.0-rc.2 (fixed in 6.3.0-rc.2)

CVSS V4

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published
  • Vulnerability reserved
