CVE-2025-49015

{"id": "CVE-2025-49015", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "published": "2025-06-18T14:15:44.870", "references": [{"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html", "tags": ["Release Notes"], "source": "cve@mitre.org"}, {"url": "https://forums.couchbase.com/tags/security", "tags": ["Issue Tracking"], "source": "cve@mitre.org"}, {"url": "https://www.couchbase.com/alerts/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-297"}]}], "descriptions": [{"lang": "en", "value": "The Couchbase .NET SDK (client library) before 3.7.1 does not properly enable hostname verification for TLS certificates. In fact, the SDK was also using IP addresses instead of hostnames due to a configuration option that was incorrectly enabled by default."}, {"lang": "es", "value": "El SDK de Couchbase .NET (librer\u00eda cliente) anterior a la versi\u00f3n 3.7.1 no habilita correctamente la verificaci\u00f3n de nombres de host para certificados TLS. De hecho, el SDK tambi\u00e9n usaba direcciones IP en lugar de nombres de host debido a una opci\u00f3n de configuraci\u00f3n incorrectamente habilitada por defecto."}], "lastModified": "2025-07-09T18:46:32.550", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:couchbase:.net_sdk:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "378E9988-F16F-4A6E-9DBD-BC61DCE2225B", "versionEndIncluding": "3.7.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}