CVE-2025-53106

Graylog is a free and open log management platform. In versions 6.2.0 to before 6.2.4 and 6.3.0-alpha.1 to before 6.3.0-rc.2, Graylog users can gain elevated privileges by creating and using API tokens for the local Administrator or any other user for whom the malicious user knows the ID. For the...

CVE-2025-53106

Graylog grant path vulnerability affects versions 6.2.0–6.2.4 and 6.3.0-alpha.1–6.3.0-rc.2. A weak permission check in the REST API token creation process lets a user with an account issue crafted requests to create API tokens for high-privilege users (including local Administrator), enabling pri...