CVE-2025-37731 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Improper Authentication in Elasticsearch PKI realm can lead to user impersonation via specially crafted client certificates. A malicious actor would need to hav…
Medium CVSS: 6.8

CVE-2025-37731

Improper Authentication in Elasticsearch PKI realm can lead to user impersonation via specially crafted client certificates. A malicious actor would need to have such a crafted client certificate signed by a legitimate, trusted Certificate Authority.
Vendor
Elastic
Product
Elasticsearch
CWE
CWE-287
Yayın Tarihi
2025-12-15 11:15:39
Güncelleme
2025-12-18 01:49:07
Source Identifier
security@elastic.co
KEV Date Added
-

Kategoriler

CWE-287 Elasticsearch MEDIUM Elastic 2025

Referanslar

https://discuss.elastic.co/t/elasticsearch-8-19-8-9-1-8-and-9-2-2-security-update-esa-2025-27/384063