CVE-2025-49015

Published Jun 18, 2025

Last updated 8 days ago

CVSS medium 4.9

Overview

Description: The Couchbase .NET SDK (client library) before 3.7.1 does not properly enable hostname verification for TLS certificates. In fact, the SDK was also using IP addresses instead of hostnames due to a configuration option that was incorrectly enabled by default.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Secondary
Base score: 4.9
Impact score: 3.6
Exploitability score: 1.2
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-297

Hype score: Not currently trending

CVE-2025-49015 The Couchbase .NET SDK (client library) before 3.7.1 does not properly enable hostname verification for TLS certificates. In fact, the SDK was also using IP addresses… https://t.co/lwJ4Z62hOa
@CVEnew
19 Jun 2025
317 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:couchbase:.net_sdk:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "378E9988-F16F-4A6E-9DBD-BC61DCE2225B",
            "versionEndIncluding": "3.7.1"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.