PT-2025-15234 · Graylog · Graylog

Published: 2025-04-07 · Updated: 2025-04-08 · CVE-2025-30373

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Name of the Vulnerable Software and Affected Versions: Graylog versions 6.1 through 6.1.8

Description: The issue concerns the authentication mechanism for HTTP-based inputs in Graylog. When the configured authentication header is missing or carries an incorrect value, the input returns the correct HTTP response (401 Unauthorized) but still ingests the message. This behavior allows unauthorized clients to submit messages to the log management platform, bypassing the input's authentication.

Recommendations: For Graylog versions 6.1 through 6.1.8, disable HTTP-based inputs and allow only authenticated pull-based inputs as a mitigation. Update to version 6.1.9 to fully resolve the issue.

Weakness Enumeration: Improper Authorization

Related Identifiers: CVE-2025-30373, GHSA-Q7G5-JQ6P-6WVX

Affected Products: Graylog