CVE-2025-9624
- Source
- https://cve.org/CVERecord?id=CVE-2025-9624
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-9624.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-9624
- Aliases
- Downstream
- Related
- Published
- 2025-11-25T20:16:01.177Z
- Modified
- 2026-03-14T12:47:19.103063Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A vulnerability in OpenSearch allows attackers to cause Denial of Service (DoS) by submitting complex query_string inputs.
This issue affects all OpenSearch versions between 3.0.0 and < 3.3.0 and OpenSearch < 2.19.4.
- References
Affected packages
Git / github.com/opensearch-project/opensearch
Affected ranges
- Type
- GIT
- Repo
- https://github.com/opensearch-project/opensearch
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
Affected versions
1.*
1.0.0-alpha1
1.0.0-alpha2
1.0.0-beta1
2.*
2.19.0
2.19.1
2.19.2
2.19.3
3.*
3.0.0
3.0.0-alpha1
3.0.1
3.1.0
3.2.0
opensearch-api/2.*
opensearch-api/2.1.0
opensearch-api/2.2.0
opensearch-aws-sigv4/1.*
opensearch-aws-sigv4/1.0.0
opensearch-aws-sigv4/1.1.0
opensearch-aws-sigv4/1.2.0
opensearch-dsl/0.*
opensearch-dsl/0.2.1
opensearch-ruby/2.*
opensearch-ruby/2.1.0
opensearch-transport/2.*
opensearch-transport/2.1.0
v2.*
v2.0.0