CVE-2025-37727

Elasticsearch Insertion of sensitive information in log file

CVSS 5.7 MEDIUM · EPSS 0.2% · CWE-532
Vexday Risk Score
13 (Low)
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.7 · EPSS 0.2% · KEV: no · PoC · Nuclei · Metasploit · Patch
Lifecycle
10 Oct 2025: Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API (https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex).
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected products
Elastic · Elasticsearch
