Improper Certificate Validation Affecting logstash-output-tcp package, versions <6.2.2>=7.0.0, <7.0.1


Severity

Recommended
0.0
high
0
10

CVSS assessment by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.02% (4th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-RUBY-LOGSTASHOUTPUTTCP-10574452
  • published2 Jul 2025
  • disclosed6 May 2025
  • creditUnknown

Introduced: 6 May 2025

CVE-2025-37730  (opens in a new tab)
CWE-295  (opens in a new tab)

How to fix?

Upgrade logstash-output-tcp to version 6.2.2, 7.0.1 or higher.

Overview

logstash-output-tcp is an a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program.

Affected versions of this package are vulnerable to Improper Certificate Validation due to the lack of hostname verification in the TCP output when ssl_verification_mode is set to full. An attacker in “client” mode can intercept and alter the communication by positioning themselves between the communicating parties.

Note: While the vulnerability exists in the logstash-output-tcp package, it is not a standalone package. logstash-output-tcp is a plugin intended to be installed on top of the Logstash core pipeline. As such, this issue can be mitigated either by updating the package directly or by updating Logstash to a patched version as indicated here

CVSS Base Scores

version 4.0
version 3.1