Vulnerability Details CVE-2025-49015
The Couchbase .NET SDK (client library) before 3.7.1 does not properly enable hostname verification for TLS certificates. In fact, the SDK was also using IP addresses instead of hostnames due to a configuration option that was incorrectly enabled by default.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 5.4%
CVSS Severity
CVSS v3 Score 4.9
References