vulnerability
Elastic Elasticsearch: CVE-2025-37727: Insertion of Sensitive Information into Log File
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:A/AC:L/Au:S/C:C/I:N/A:N) | Oct 10, 2025 | Dec 24, 2025 | Dec 24, 2025 |
Severity
6
CVSS
(AV:A/AC:L/Au:S/C:C/I:N/A:N)
Published
Oct 10, 2025
Added
Dec 24, 2025
Modified
Dec 24, 2025
Description
Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex
Solution
elastic-elasticsearch-upgrade-latest
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.