
Cloud Vulnerability DB
A community-led vulnerabilities database
An issue was discovered in Datalust Seq before 2024.3.13545. The vulnerability (CVE-2025-27912) involves missing Content-Type validation that can lead to Cross-Site Request Forgery (CSRF) attacks. The vulnerability was discovered through Datalust's internal security processes and was disclosed on February 17, 2025. The affected systems include installations of Datalust Seq prior to version 2024.3.13545, with varying scope and impact for versions before Seq 202x (Datalust Issue, NVD).
The vulnerability stems from improper Content-Type validation in the authentication mechanism. It can be triggered under two specific conditions: when Entra ID or OpenID Connect authentication is in use and a user visits a compromised/malicious site, or when username/password or Active Directory authentication is in use and a user visits a compromised/malicious site under the same effective top-level domain as the Seq server. The vulnerability has been assigned a CVSS 3.1 score of 8.8 HIGH (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) (NVD).
Successful exploitation of the vulnerability allows attackers to conduct impersonation attacks and perform actions in Seq on behalf of the targeted user. The attack requires the user to visit a malicious website while having an authenticated Seq session cookie in their browser (Datalust Issue).
All Seq customers are advised to update to Seq version 2024.3.13545 or later as soon as possible. The fixed version is available for download at datalust.co/download or via Docker image datalust/seq:2024.3.13545 (Datalust Issue).
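The advisory does not describe how Seq's fix works, so the following is an added, generic example of the kind of Content-Type validation whose absence is described above; it is not Datalust's code. It assumes a cookie-authenticated API that accepts only JSON bodies and whose GET/HEAD/OPTIONS handlers do not change state; all function and variable names are hypothetical.

```python
# Added illustration, not Datalust Seq code. All names are hypothetical.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
# Assumption: the cookie-authenticated API accepts JSON bodies only.
ALLOWED_TYPES = {"application/json"}
# Types an HTML <form> can submit cross-site without a CORS preflight.
FORM_TYPES = {"application/x-www-form-urlencoded", "multipart/form-data", "text/plain"}


def media_type(header):
    """Return the bare, lowercased media type, or None if absent/ambiguous."""
    if not header or "," in header:  # comma: several values folded together
        return None
    return header.split(";", 1)[0].strip().lower() or None


def check_request(method, headers):
    """Return (allowed, reason) for one request; headers is a name->value dict."""
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    lowered = {k.lower(): v for k, v in headers.items()}
    ctype = media_type(lowered.get("content-type"))
    if ctype is None:
        return False, "missing or ambiguous Content-Type"
    if ctype in FORM_TYPES:
        return False, "form-submittable Content-Type: " + ctype
    # Exact match on the parsed type; a substring test would be too lenient.
    if ctype not in ALLOWED_TYPES:
        return False, "unexpected Content-Type: " + ctype
    return True, "ok"


# Constructed sample requests (method, headers) for demonstration.
SAMPLES = [
    ("GET", {}),
    ("POST", {"Content-Type": "application/json; charset=utf-8"}),
    ("POST", {"Content-Type": "text/plain"}),
    ("POST", {"content-type": "application/x-www-form-urlencoded"}),
    ("DELETE", {}),
]


def evaluate_samples():
    return [check_request(m, h)[0] for m, h in SAMPLES]


if __name__ == "__main__":
    for (m, h), ok in zip(SAMPLES, evaluate_samples()):
        print(m, h, "->", "accept" if ok else "reject")
```

A check like this complements, and does not replace, upgrading to the fixed Seq version named above.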
Source: This report was generated using AI