CVE-2025-35434
Published
CVSS v3
4.2
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT
Description
CISA Thorium does not validate TLS certificates when connecting to Elasticsearch. An unauthenticated attacker with access to a Thorium cluster could impersonate the Elasticsearch service. Fixed in 1.1.2.
A scalable file analysis and data generation platform that allows users to easily orchestrate arbitrary docker/vm/shell tools at scale.
GitHub