CVE-2025-37729
Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise (ECE) can lead to a malicious actor with Admin access exfiltrating sensitive information and issuing commands via a specially crafted string where Jinjava variables are evaluated.
Vendor
Product
CWE
Yayın Tarihi
2025-10-13 14:15:34
Güncelleme
2025-12-11 20:59:06
Source Identifier
security@elastic.co
KEV Date Added
-