Medium severity4.3NVD Advisory· Published Dec 1, 2025· Updated Apr 15, 2026

CVE-2025-13653

Description

In Search Guard FLX versions from 3.1.0 up to 4.0.0 with enterprise modules being disabled, there exists an issue which allows authenticated users to use specially crafted requests to read documents from data streams without having the respective privileges.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

docs.search-guard.com/latest/changelog-searchguard-flx-4_0_1nvd
search-guard.com/cve-advisory/nvd

News mentions

No linked articles in our index yet.

cvss	0.280
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000