CVE-2025-37727
Description
Insertion of sensitive information into a log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API (https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex).
CWE
- CWE-532: Insertion of Sensitive Information into Log File
Affected
- Elastic / Elasticsearch — v=7.0.0 ≤7.17.29 [affected]; v=8.0.0 ≤8.18.7 [affected]; v=8.19.0 ≤8.19.4 [affected]; v=9.0.0 ≤9.0.7 [affected]; v=9.1.0 ≤9.1.4 [affected]
CVSS
- 3.1 score=5.7 severity=MEDIUM
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Source
cvelistV5-main/cves/2025/37xxx/CVE-2025-37727.json