CVE-2025-30373: 
Java vulnerability analysis and mitigation

Graylog, a free and open log management platform, disclosed a vulnerability (CVE-2025-30373) affecting versions 6.1.0 through 6.1.8. The vulnerability was discovered and disclosed on April 7, 2025. The issue affects HTTP Inputs functionality in Graylog where authentication checks for HTTP-based ingestion can be bypassed (GitHub Advisory).

The vulnerability stems from an authentication bypass in HTTP Inputs configuration. While the system is configured to check for specific headers and values for authentication, and correctly returns a 401 HTTP response for missing or incorrect authentication headers, it fails to prevent the message ingestion process. This results in messages being processed despite failed authentication attempts. The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L (GitHub Advisory, NVD).

The vulnerability allows unauthorized users to bypass authentication mechanisms and successfully ingest messages into the Graylog system, even when authentication fails. This could lead to unauthorized data ingestion and potential system manipulation (GitHub Advisory).

The vulnerability has been fixed in Graylog version 6.1.9. For users unable to update immediately, the recommended workaround is to disable HTTP-based inputs and only allow authenticated pull-based inputs (GitHub Advisory).