CVE-2025-9624: OpenSearch is vulnerable to DoS via complex query_string inputs
(updated )
A vulnerability in OpenSearch allows attackers to cause Denial of Service (DoS) by submitting complex query_string inputs.
This issue affects all OpenSearch versions below 2.19.4 and versions 3.0.0 through 3.2.0.
References
- caverav.cl/posts/opensearch-dos/opensearch-dos
- fluidattacks.com/advisories/chick
- github.com/advisories/GHSA-mw3v-mmfw-3x2g
- github.com/opensearch-project/OpenSearch
- github.com/opensearch-project/OpenSearch/pull/19491
- github.com/opensearch-project/OpenSearch/releases/tag/2.19.4
- github.com/opensearch-project/OpenSearch/releases/tag/3.3.0
- nvd.nist.gov/vuln/detail/CVE-2025-9624
- opensearch.org/blog/explore-opensearch-3-3
Code Behaviors & Features
Detect and mitigate CVE-2025-9624 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →