CVE-2025-27912

CVE-2025-27912 is a cross-site request forgery (CSRF) vulnerability in Datalust Seq versions prior to 2024.3.13545, stemming from missing Content-Type validation. This flaw affects the Seq logging and monitoring server, which supports various authentication methods including Entra ID, OpenID Connect, username/password, and Active Directory. Assigned CWE-352, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant confidentiality, integrity, and availability impacts.

The vulnerability can be exploited by an attacker who tricks an authenticated user into visiting a malicious or compromised website. Exploitation is possible in two scenarios: first, when Entra ID or OpenID Connect authentication is enabled, regardless of domain; second, when username/password or Active Directory authentication is used and the malicious site shares the same effective top-level domain (eTLD) as the Seq server. Successful attacks enable impersonation, allowing the attacker to perform arbitrary actions in Seq on behalf of the victim user, such as modifying logs or configurations.

Mitigation requires upgrading to Datalust Seq version 2024.3.13545 or later, as indicated by the vulnerability's versioning in the disclosure. Additional details are available in the vendor's Seq documentation at https://datalust.co/seq and the GitHub issue tracker at https://github.com/datalust/seq-tickets/issues/2366.