VYPR
High severityNVD Advisory· Published Nov 25, 2025· Updated Dec 15, 2025

OpenSearch 3.2.0 - Nested Boolean/Disjunction asymmetric DoS

CVE-2025-9624

Description

A vulnerability in OpenSearch allows attackers to cause Denial of Service (DoS) by submitting complex query_string inputs.

This issue affects all OpenSearch versions between 3.0.0 and < 3.3.0 and OpenSearch < 2.19.4.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.opensearch:opensearch-commonMaven
>= 3.0.0, < 3.3.03.3.0
org.opensearch:opensearch-commonMaven
< 2.19.42.19.4

Affected products

85

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.