SSL Certificate Trust Vulnerability in OpenSearch Data Prepper by OpenSearch
CVE-2025-62371

7.4 HIGH

Key Information:

Vendor
CVE Published: 15 October 2025

What is CVE-2025-62371?

OpenSearch Data Prepper, an open-source data collector for observability, has a vulnerability in its handling of SSL certificates. In versions before 2.12.2, both the OpenSearch sink and source plugins trust all SSL certificates by default if no certificate path is specified. This default behavior can lead to a bypass of SSL certificate validation, making the system susceptible to man-in-the-middle attacks, where attackers can intercept and alter data transmitted between OpenSearch Data Prepper and OpenSearch clusters. To mitigate this vulnerability, users should upgrade to version 2.12.2 or later or explicitly provide the certificate parameter in their configuration.
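One way to check existing pipeline files for the workaround described above, as an added example that is not part of the advisory or the Data Prepper project: the script flags every `opensearch` source or sink block that sets no certificate path. It assumes the option is the `cert` key from the Data Prepper OpenSearch plugin documentation and uses a small indentation scan rather than a full YAML parser; the function name, sample pipeline, host names and paths are constructed.

```python
import re

# Constructed sample pipeline; host names and paths are placeholders.
SAMPLE = """\
log-pipeline:
  source:
    opensearch:
      hosts: ["https://search.example.internal:9200"]
  sink:
    - opensearch:
        hosts: ["https://search.example.internal:9200"]
        cert: /usr/share/data-prepper/root-ca.pem
    - opensearch:
        hosts: ["https://other.example.internal:9200"]
        index: audit
"""

# "opensearch:" as a mapping key, optionally a list item ("- opensearch:").
PLUGIN = re.compile(r"^(\s*)(-\s+)?opensearch:\s*$")
KEY = re.compile(r"^\s*(?:-\s+)?([A-Za-z_][\w-]*)\s*:\s*(.*)$")
EMPTY = {"", '""', "''", "null", "~"}

def blocks_missing_cert(text):
    """Return 1-based line numbers of opensearch blocks with no usable cert value."""
    lines = text.splitlines()
    findings = []
    for i, line in enumerate(lines):
        m = PLUGIN.match(line)
        if not m:
            continue
        # Column of the "opensearch" key; the block body is indented deeper.
        indent = len(m.group(1)) + len(m.group(2) or "")
        has_cert = False
        for body in lines[i + 1:]:
            if not body.strip() or body.lstrip().startswith("#"):
                continue
            if len(body) - len(body.lstrip()) <= indent:
                break  # left the plugin block
            k = KEY.match(body)
            # Assumption: the option is named "cert"; any nesting depth counts.
            if k and k.group(1) == "cert" and k.group(2).split("#")[0].strip() not in EMPTY:
                has_cert = True
        if not has_cert:
            findings.append(i + 1)
    return findings

if __name__ == "__main__":
    for n in blocks_missing_cert(SAMPLE):
        print(f"line {n}: opensearch block without cert (trusts any certificate before 2.12.2)")
```

A flagged block only matters on versions before 2.12.2; files that use anchors, flow-style mappings or templating need a real YAML parser instead of this scan.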

Affected Version(s)

data-prepper < 2.12.2

CVSS V3.1

Score: 7.4
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
