vulnerability
Red Hat JBoss EAP: CVE-2025-37727: Insertion of Sensitive Information into Log File
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:A/AC:L/Au:S/C:C/I:N/A:N) | Oct 10, 2025 | Oct 22, 2025 | Oct 22, 2025 |
Severity
6
CVSS
(AV:A/AC:L/Au:S/C:C/I:N/A:N)
Published
Oct 10, 2025
Added
Oct 22, 2025
Modified
Oct 22, 2025
Description
Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex
Solution
red-hat-jboss-eap-upgrade-latest
References
- CWE-532
- CVE-2025-37727
- https://attackerkb.com/topics/CVE-2025-37727
- URL-https://access.redhat.com/security/cve/CVE-2025-37727
- URL-https://bugzilla.redhat.com/show_bug.cgi?id=2403034
- URL-https://discuss.elastic.co/t/elasticsearch-8-18-8-8-19-5-9-0-8-9-1-5-security-update-esa-2025-18/382453
- URL-https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.