CVE-2025-9624: Opensearch Hunspell Path Traversal
greprules fetch cve-2025-9624-opensearch-hunspell-path-traversal --engine opengrep

Description
The hunspell 'locale' parameter is fetched from user-controlled index settings and passed directly to HunspellService.getDictionary() without validation. An attacker with privileges to configure index settings can craft a locale parameter containing path traversal sequences (e.g. '../') to read arbitrary files or manipulate cache keys. Validate the locale us
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided