CVE-2025-35434: 
Homebrew vulnerability analysis and mitigation

CISA Thorium does not validate TLS certificates when connecting to Elasticsearch. This vulnerability (CVE-2025-35434) was discovered and disclosed on September 17, 2025, affecting CISA Thorium versions prior to 1.1.2. The vulnerability allows an unauthenticated attacker with access to a Thorium cluster to impersonate the Elasticsearch service (NVD, CSAF).

The vulnerability is classified as CWE-295 (Improper Certificate Validation). It has received a CVSS v3.1 base score of 4.2 (Medium) with vector string CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N, indicating adjacent network attack vector, high attack complexity, no privileges required, and no user interaction needed. Additionally, it received a CVSS v4.0 score of 2.3 (Low) with vector string CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N (NVD, AttackerKB).

The vulnerability could allow an attacker with access to a Thorium cluster to perform man-in-the-middle attacks by impersonating the Elasticsearch service. This could potentially lead to unauthorized access to data and compromise of service integrity (CSAF).

The vulnerability has been fixed in CISA Thorium version 1.1.2. Organizations are strongly advised to upgrade to this version or later. The fix implements proper TLS certificate validation for Elasticsearch connections (Thorium Release).

The vulnerability was discovered and reported by OpenAI Security Research. CISA has classified this as a medium-severity vulnerability requiring attention from organizations using Thorium (CSAF).