Security Advisory

CVE-2025-35434

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-09-17 16:53:08

Last updated 2025-09-30 16:32:05

Assigner cisa-cg

State PUBLISHED

Description

CISA Thorium does not validate TLS certificates when connecting to Elasticsearch. An unauthenticated attacker with access to a Thorium cluster could impersonate the Elasticsearch service. Fixed in 1.1.2.

← Browse all CVEs View on cve.org ↗