Bug#1121416: opensearch: CVE-2025-9624
Salvatore Bonaccorso
carnil at debian.org
Wed Nov 26 07:38:20 GMT 2025
Source: opensearch
Version: 2.4.1+dfsg-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>
Hi,
The following vulnerability was published for opensearch.
CVE-2025-9624[0]:
| A vulnerability in OpenSearch allows attackers to cause Denial of
| Service (DoS) by submitting complex query_string inputs. This
| issue affects all OpenSearch versions below 3.2.0.
According to the upstream information this should be fixed in the
3.3.0 version onwards.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-9624
https://www.cve.org/CVERecord?id=CVE-2025-9624
Regards,
Salvatore
More information about the pkg-java-maintainers
mailing list