CVE-2025-49015

Name of the Vulnerable Software and Affected Versions Couchbase .NET SDK versions prior to 3.7.1

Description The issue concerns the Couchbase .NET SDK's failure to properly enable hostname verification for TLS certificates. Additionally, the SDK was using IP addresses instead of hostnames due to a configuration option that was incorrectly enabled by default.

Recommendations For versions prior to 3.7.1, update to version 3.7.1 or later to resolve the issue. As a temporary workaround, consider disabling the use of IP addresses and ensure that hostname verification is properly enabled for TLS certificates. Restrict access to sensitive data until the update is applied to minimize the risk of exploitation.