CVE-2025-53106
BaseFortify

Publication date: 2025-07-02

Last updated on: 2025-10-30

Assigner: GitHub, Inc.

Description
Graylog is a free and open log management platform. In versions 6.2.0 to before 6.2.4 and 6.3.0-alpha.1 to before 6.3.0-rc.2, Graylog users can gain elevated privileges by creating and using API tokens for the local Administrator or any other user for whom the malicious user knows the ID. For the attack to succeed, the attacker needs a user account in Graylog. They can then proceed to issue hand-crafted requests to the Graylog REST API and exploit a weak permission check for token creation. This issue has been patched in versions 6.2.4 and 6.3.0-rc.2. A workaround involves disabling the respective configuration found in System > Configuration > Users > "Allow users to create personal access tokens".
Meta Information
Generated: 2026-05-07
EPSS evaluated: 2026-05-05
AI Q&A generated: 2025-07-02
Affected Vendors & Products (12 associated CPEs)

Vendor   Product   Version / Range
graylog  graylog   from 6.2.0 (inclusive) up to 6.2.4 (exclusive)
graylog  graylog   6.3.0 pre-release builds (11 CPEs; the pre-release tags did not survive extraction, and the description scopes them to 6.3.0-alpha.1 up to, but not including, 6.3.0-rc.2)
CWE ID Description
CWE-285 The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
AI Powered Q&A
Can you explain this vulnerability to me?

A user with any valid Graylog account can escalate to the local Administrator, or to any other user whose ID they know, by creating an API token for that user and then authenticating with it. The REST API endpoint for token creation verified that the caller was allowed to create tokens, but it did not bind the token's target user to the caller, so a hand-crafted request naming another user's ID succeeded. Because an API token authenticates as its owner, a token issued for the Administrator carries full administrative rights. Affected versions are 6.2.0 up to but not including 6.2.4, and 6.3.0-alpha.1 up to but not including 6.3.0-rc.2; the check was fixed in 6.2.4 and 6.3.0-rc.2.
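The following is an added illustration, written for this page and not taken from Graylog's source, of the check described in the advisory and in the answer above: a token-creation handler that only asks "may this caller create tokens at all?" next to one that also binds the token's target user to the caller. The permission names, the User/Token shapes, the rule that only an administrator may mint tokens for others, and the use of "local:admin" as the built-in administrator's ID are assumptions made for the example.

```python
"""Added illustration of the authorization flaw class behind CVE-2025-53106.

This is NOT Graylog's source code. It models, in plain Python, the difference
between a token-creation check that only asks "may this caller create
tokens?" and one that also binds the token's target user to the caller.
Permission names, the shape of User/Token and the admin rule are assumptions.
"""
import secrets
from dataclasses import dataclass, field

ADMIN = "*"                         # assumed wildcard permission of the admin role
TOKEN_CREATE = "users:tokencreate"  # assumed permission name, illustrative only


@dataclass
class User:
    user_id: str
    permissions: frozenset = frozenset()

    def is_permitted(self, perm: str) -> bool:
        return ADMIN in self.permissions or perm in self.permissions


@dataclass
class Token:
    owner_id: str   # the user the token authenticates as
    name: str
    secret: str


@dataclass
class TokenStore:
    tokens: list = field(default_factory=list)


def create_token_weak(allow_user_tokens: bool, requester: User,
                      target_user_id: str, name: str, store: TokenStore) -> Token:
    """Weak check: verifies the feature is enabled and the caller may create
    tokens in general, but never compares target_user_id with the caller."""
    if not allow_user_tokens:
        raise PermissionError("personal access tokens are disabled")
    if not requester.is_permitted(TOKEN_CREATE):
        raise PermissionError("caller may not create tokens")
    token = Token(target_user_id, name, secrets.token_urlsafe(32))
    store.tokens.append(token)
    return token


def create_token_fixed(allow_user_tokens: bool, requester: User,
                       target_user_id: str, name: str, store: TokenStore) -> Token:
    """Hardened check: a caller may only mint tokens for itself unless it holds
    the admin permission (assumed rule). Everything else is unchanged."""
    if not allow_user_tokens:
        raise PermissionError("personal access tokens are disabled")
    if not requester.is_permitted(TOKEN_CREATE):
        raise PermissionError("caller may not create tokens")
    if target_user_id != requester.user_id and not requester.is_permitted(ADMIN):
        raise PermissionError("caller may not create tokens for another user")
    token = Token(target_user_id, name, secrets.token_urlsafe(32))
    store.tokens.append(token)
    return token


# Constructed actors. "local:admin" is the assumed ID of the built-in
# administrator; "mallory" is an ordinary, low-privilege account.
ADMIN_USER = User("local:admin", frozenset({ADMIN}))
MALLORY = User("mallory", frozenset({TOKEN_CREATE}))


def run_scenario() -> dict:
    """Replay the attack against both checks and report each outcome."""
    outcome = {}
    weak_store, fixed_store = TokenStore(), TokenStore()

    # Vulnerable path: mallory mints a token whose owner is the administrator.
    t = create_token_weak(True, MALLORY, ADMIN_USER.user_id, "backup", weak_store)
    outcome["weak_token_owner"] = t.owner_id

    # Hardened path: the same request is refused ...
    try:
        create_token_fixed(True, MALLORY, ADMIN_USER.user_id, "backup", fixed_store)
        outcome["fixed_cross_user"] = "allowed"
    except PermissionError:
        outcome["fixed_cross_user"] = "denied"

    # ... while self-service and admin-for-others still work.
    outcome["fixed_self"] = create_token_fixed(
        True, MALLORY, MALLORY.user_id, "cli", fixed_store).owner_id
    outcome["fixed_admin_for_other"] = create_token_fixed(
        True, ADMIN_USER, MALLORY.user_id, "rotate", fixed_store).owner_id

    # The advisory's workaround (disable the setting) blocks even the weak path.
    try:
        create_token_weak(False, MALLORY, ADMIN_USER.user_id, "x", weak_store)
        outcome["weak_with_workaround"] = "allowed"
    except PermissionError:
        outcome["weak_with_workaround"] = "denied"
    return outcome


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

The point of the two functions side by side is that both pass the caller through an authentication and a generic "may create tokens" check; only the hardened one compares the resource being created against the caller's own identity, which is the missing authorization step CWE-285 describes.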


How can this vulnerability impact me?

An attacker who has a Graylog user account can escalate their privileges to those of an Administrator or other users by creating API tokens, potentially gaining unauthorized access to sensitive log data and administrative functions. This can lead to unauthorized data access, modification, or disruption of log management operations.


What immediate steps should I take to mitigate this vulnerability?

To mitigate immediately, disable System > Configuration > Users > "Allow users to create personal access tokens". This switches off self-service token creation for every user, so any process that relies on users minting their own tokens will need an administrator to do it in the meantime. Then upgrade to 6.2.4 or later on the 6.2 line, or 6.3.0-rc.2 or later on the 6.3 line. After upgrading, review the personal access tokens that exist for the local Administrator and other privileged accounts and revoke any that cannot be accounted for: the advisory describes the fix as correcting the permission check, not as revoking tokens that were already issued.
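As an added detection example, not part of this page or of Graylog, the script below scans API access logs for the request pattern the advisory describes: a POST that creates a token for a user ID other than the caller's own, issued by a caller who is not an administrator. The log layout, the request path shape (/api/users/<id>/tokens/<name>), the user IDs and the admin list are constructed assumptions; a real deployment would substitute its proxy's log format and its user directory.

```python
"""Added detection example for CVE-2025-53106: find REST calls that create a
personal access token for a user other than the authenticated caller.

This is not Graylog's code or log format. The request path shape
(/api/users/<id>/tokens/<name>), the log layout and the user IDs are
assumptions; "local:admin" is used as the assumed ID of the built-in admin.
"""
import re
from dataclasses import dataclass

# Constructed sample: "<time> <src-ip> <auth-user> <method> <path> <status>".
SAMPLE_LOG = """\
2025-07-02T10:14:03Z 10.0.0.5 alice POST /api/users/5f1e2d3c4b5a697887766554/tokens/cli 200
2025-07-02T10:15:11Z 10.0.0.9 mallory POST /api/users/local:admin/tokens/backup 200
2025-07-02T10:16:40Z 10.0.0.9 mallory GET /api/system/cluster/nodes 200
2025-07-02T10:17:02Z 10.0.0.2 admin POST /api/users/5f1e2d3c4b5a697887766554/tokens/rotate 200
2025-07-02T10:18:25Z 10.0.0.5 alice GET /api/users/5f1e2d3c4b5a697887766554/tokens 200
"""

# Constructed directory: which user ID each login name resolves to, and who
# is an administrator. In practice these come from the user management API.
USER_IDS = {
    "alice": "5f1e2d3c4b5a697887766554",
    "mallory": "6a2f3e4d5c6b7a8998877665",
    "admin": "local:admin",
}
ADMINS = {"admin"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) (?P<user>\S+) (?P<method>[A-Z]+) "
    r"(?P<path>\S+) (?P<status>\d{3})$"
)
TOKEN_CREATE_RE = re.compile(r"^/api/users/(?P<target>[^/]+)/tokens/(?P<name>[^/]+)$")


@dataclass(frozen=True)
class Finding:
    ts: str
    requester: str
    target_id: str
    token_name: str
    status: str


def find_cross_user_token_creation(log_text: str, user_ids: dict, admins: set) -> list:
    """Return one Finding per token-creation request whose path target is not
    the caller's own ID and whose caller is not an administrator. Only POSTs
    count; listing tokens (GET) is not minting one. The HTTP status is kept so
    a 200 (token actually issued) can be triaged ahead of a 403."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        p = TOKEN_CREATE_RE.match(m["path"])
        if not p:
            continue
        requester = m["user"]
        if requester in admins:
            continue  # admins managing other users' tokens is expected
        if p["target"] == user_ids.get(requester):
            continue  # self-service token, the intended use of the feature
        findings.append(Finding(m["ts"], requester, p["target"], p["name"], m["status"]))
    return findings


if __name__ == "__main__":
    for f in find_cross_user_token_creation(SAMPLE_LOG, USER_IDS, ADMINS):
        print(f"{f.ts} {f.requester} minted token {f.token_name!r} "
              f"for {f.target_id} (HTTP {f.status})")
```

Run against the constructed sample, the only hit is mallory's request that created a token for local:admin; alice's self-service token and the administrator's token rotation for alice are ignored. On a patched instance the same request should appear with a 403 rather than a 200, which is why the status is carried into the finding.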

