PT-2025-42388 · Opensearch · Opensearch Data Prepper

Published: 2025-10-15 · Updated: 2025-12-04 · CVE-2025-62371

CVSS v3.1: 7.4 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: OpenSearch Data Prepper versions prior to 2.12.2

Description: OpenSearch Data Prepper is an open source data collector for observability data. The OpenSearch sink and source plugins in Data Prepper trust all SSL certificates by default when no certificate path is provided. This bypasses SSL certificate validation, potentially allowing attackers to intercept and modify data in transit through man-in-the-middle attacks when connecting to OpenSearch clusters without explicitly configuring a certificate path. The issue affects connections to OpenSearch when the cert parameter is not explicitly provided.

Recommendations: Versions prior to 2.12.2 should be updated to version 2.12.2 or later. As a workaround, add the cert parameter to the OpenSearch sink or source configuration with the path to the cluster's CA certificate.
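The workaround above, shown as an added configuration example that is not part of this advisory or of the Data Prepper project's own documentation. It assumes a Data Prepper pipeline definition with an OpenSearch sink; the pipeline names, host name, index name, credentials and CA file path are placeholders. The first pipeline omits the cert parameter and is the affected configuration; the second pins the cluster's CA certificate with cert, which is the advisory's workaround and also the correct configuration on fixed versions.

```yaml
# Added example, not from the advisory or the Data Prepper project.
# Assumed: a pipelines.yaml for Data Prepper; all names, hosts and paths are placeholders.

# AFFECTED: no `cert` parameter. On Data Prepper versions prior to 2.12.2 the
# OpenSearch sink accepts any certificate presented by the endpoint, so the TLS
# session is not authenticated and can be intercepted on the network path.
logs-to-opensearch-unverified:
  source:
    http:
  sink:
    - opensearch:
        hosts: ["https://opensearch.example.internal:9200"]   # placeholder host
        index: "application-logs"                              # placeholder index
        username: "data-prepper"                               # placeholder credentials
        password: "REPLACE_ME"

# WORKAROUND / CORRECT: `cert` points at the cluster's CA certificate. The server
# certificate must chain to this CA or the connection fails, on every version.
logs-to-opensearch-verified:
  source:
    http:
  sink:
    - opensearch:
        hosts: ["https://opensearch.example.internal:9200"]
        index: "application-logs"
        cert: "/etc/data-prepper/certs/opensearch-ca.pem"     # placeholder CA path
        username: "data-prepper"
        password: "REPLACE_ME"
```

The file referenced by cert must contain the CA that issued the cluster's certificates (a PEM chain, not the server's leaf certificate), and the sink's insecure option must remain unset, since setting it disables verification regardless of cert. The advisory applies the same cert parameter to the OpenSearch source plugin; the placement of that parameter in the source block is not shown here because the advisory does not specify it. Updating to 2.12.2 or later is still required, because the workaround only covers pipelines where the parameter was actually added.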

Weakness Enumeration

Improper Certificate Validation

Related Identifiers

CVE-2025-62371
GHSA-43FF-RR26-8HX4

Affected Products

Opensearch Data Prepper