CVE-2025-53106: Graylog vulnerable to privilege escalation through API tokens
(updated )
Graylog users can gain elevated privileges by creating and using API tokens for the local Administrator or any other user for whom the malicious user knows the ID.
For the attack to succeed, the attacker needs a user account in Graylog. They can then proceed to issue hand-crafted requests to the Graylog REST API and exploit a weak permission check for token creation.
References
- github.com/Graylog2/graylog2-server
- github.com/Graylog2/graylog2-server/commit/6936bd16a783c2944a3d2f1e83902062520f90e3
- github.com/Graylog2/graylog2-server/commit/9215b8f1fd32566c31e6f7447ed864df3590c157
- github.com/Graylog2/graylog2-server/security/advisories/GHSA-3m86-c9x3-vwm9
- github.com/advisories/GHSA-3m86-c9x3-vwm9
- nvd.nist.gov/vuln/detail/CVE-2025-53106
Code Behaviors & Features
Detect and mitigate CVE-2025-53106 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →