VYPR
Moderate severityNVD Advisory· Published Oct 10, 2025· Updated Oct 10, 2025

Elasticsearch Insertion of sensitive information in log file

CVE-2025-37727

Description

Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.elasticsearch:elasticsearchMaven
>= 7.0.0, < 8.18.88.18.8
org.elasticsearch:elasticsearchMaven
>= 8.19.0, < 8.19.58.19.5
org.elasticsearch:elasticsearchMaven
>= 9.0.0-beta1, < 9.0.89.0.8
org.elasticsearch:elasticsearchMaven
>= 9.1.0, < 9.1.59.1.5

Affected products

12

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.