Medium severity4.9NVD Advisory· Published Jun 18, 2025· Updated Jun 17, 2026
CVE-2025-49015
CVE-2025-49015
Description
The Couchbase .NET SDK (client library) before 3.7.1 does not properly enable hostname verification for TLS certificates. In fact, the SDK was also using IP addresses instead of hostnames due to a configuration option that was incorrectly enabled by default.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
CouchbaseNetClientNuGet | >= 0 | — |
Affected products
2Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-px2c-r924-mwccghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-49015ghsaADVISORY
- www.couchbase.com/alerts/nvdVendor Advisory
- docs.couchbase.com/server/current/release-notes/relnotes.htmlnvdRelease NotesWEB
- forums.couchbase.com/tags/securitynvdIssue TrackingWEB
- github.com/couchbase/couchbase-net-client/commit/04d1679b2178f922036be6e595b3d91f972c5ba3ghsaWEB
- www.couchbase.com/alertsghsaWEB
News mentions
0No linked articles in our index yet.