CVE-2025-35434

Publication date

2025-09-17 16:53:08

Family

cisa-cg

State

PUBLISHED

Description

CISA Thorium does not validate TLS certificates when connecting to Elasticsearch. An unauthenticated attacker with access to a Thorium cluster could impersonate the Elasticsearch service. Fixed in 1.1.2.