5.7
CVE-2025-37727
- EPSS 0.02%
- Published 10.10.2025 09:56:15
- Last modified 23.12.2025 17:39:24
- Source security@elastic.co
Elasticsearch Insertion of sensitive information in log file
Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex
Data provided by the National Vulnerability Database (NVD)
Elastic ≫ Elasticsearch Version >= 7.0.0 <= 7.17.29
Elastic ≫ Elasticsearch Version >= 8.0.0 < 8.18.8
Elastic ≫ Elasticsearch Version >= 8.19.0 < 8.19.5
Elastic ≫ Elasticsearch Version >= 9.0.0 < 9.0.8
Elastic ≫ Elasticsearch Version >= 9.1.0 < 9.1.5
VulnDex Vulnerability Enrichment
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.053 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@elastic.co | 5.7 | 2.1 | 3.6 | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
CWE-532 Insertion of Sensitive Information into Log File
The product writes sensitive information to a log file.