CVE-2025-49015

Published: Jun 18, 2025Modified: Jul 9, 2025

4.9

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.2 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

The Couchbase .NET SDK (client library) before 3.7.1 does not properly enable hostname verification for TLS certificates. In fact, the SDK was also using IP addresses instead of hostnames due to a configuration option that was incorrectly enabled by default.

Affected (1)

Products: Couchbase: .net Sdk

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Couchbase .net Sdk	Up to 3.7.1

Related CWEs

Improper Validation of Certificate with Host Mismatch

The product communicates with a host that provides a certificate, but the product does not properly ensure that the certificate is actually associated with that host.

References (3)

https://docs.couchbase.com/server/current/release-notes/relnotes.html

Source: cve@mitre.org

Release Notes

https://forums.couchbase.com/tags/security

Source: cve@mitre.org

Issue Tracking

https://www.couchbase.com/alerts/

Source: cve@mitre.org

Vendor Advisory

Timeline

No history available yet.