Medium severityNVD Advisory· Published Nov 14, 2025· Updated Apr 15, 2026

CVE-2025-12149

Description

In Search Guard FLX versions 3.1.2 and earlier, while Document-Level Security (DLS) is correctly enforced elsewhere, when the search is triggered from a Signals watch, the DLS rule is not enforced, allowing access to all documents in the queried indices.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

docs.search-guard.com/latest/changelog-searchguard-flx-3_1_3nvd
docs.search-guard.com/latest/changelog-searchguard-flx-4_0_0nvd
search-guard.com/cve-advisory/nvd

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000