Vulnerability Description
Graylog is a free and open log management platform. In versions 6.2.0 to before 6.2.4 and 6.3.0-alpha.1 to before 6.3.0-rc.2, Graylog users can gain elevated privileges by creating and using API tokens for the local Administrator or any other user for whom the malicious user knows the ID. For the attack to succeed, the attacker needs a user account in Graylog. They can then proceed to issue hand-crafted requests to the Graylog REST API and exploit a weak permission check for token creation. This issue has been patched in versions 6.2.4 and 6.3.0-rc.2. A workaround involves disabling the respective configuration found in System > Configuration > Users > "Allow users to create personal access tokens".
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Graylog | Graylog | >= 6.2.0, < 6.2.4 |
Related Weaknesses (CWE)
References
- https://github.com/Graylog2/graylog2-server/commit/6936bd16a783c2944a3d2f1e83902Patch
- https://github.com/Graylog2/graylog2-server/commit/9215b8f1fd32566c31e6f7447ed86Patch
- https://github.com/Graylog2/graylog2-server/security/advisories/GHSA-3m86-c9x3-vThird Party Advisory
FAQ
What is CVE-2025-53106?
CVE-2025-53106 is a vulnerability with a CVSS score of 8.8 (HIGH). Graylog is a free and open log management platform. In versions 6.2.0 to before 6.2.4 and 6.3.0-alpha.1 to before 6.3.0-rc.2, Graylog users can gain elevated privileges by creating and using API token...
How severe is CVE-2025-53106?
CVE-2025-53106 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-53106?
Check the references section above for vendor advisories and patch information. Affected products include: Graylog Graylog.