CVE-2025-9624

A vulnerability in OpenSearch allows attackers to cause Denial of Service (DoS) by submitting complex query_string inputs.



This issue affects all OpenSearch versions below 3.2.0.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Fluid AttacksCNA
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
VendorProductVersion
amazonopensearch
𝑥
< 3.3.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
opensearch
sid
vulnerable
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
opensearch
questing
dne
plucky
dne
noble
needs-triage
jammy
dne
Common Weakness Enumeration
References
https://fluidattacks.com/advisories/chick
https://opensearch.org/blog/explore-opensearch-3-3/