Moderate severity · NVD Advisory · Published Oct 10, 2025 · Updated Oct 10, 2025
Elasticsearch Insertion of sensitive information in log file
CVE-2025-37727
Description
Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API (https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex).
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.elasticsearch:elasticsearch (Maven) | >= 7.0.0, < 8.18.8 | 8.18.8 |
| org.elasticsearch:elasticsearch (Maven) | >= 8.19.0, < 8.19.5 | 8.19.5 |
| org.elasticsearch:elasticsearch (Maven) | >= 9.0.0-beta1, < 9.0.8 | 9.0.8 |
| org.elasticsearch:elasticsearch (Maven) | >= 9.1.0, < 9.1.5 | 9.1.5 |
Affected products
- osv-coords (11 versions):
  - pkg:apk/chainguard/elasticsearch-fips-8.17 (no CPE), range: < 8.17.10-r14
  - pkg:apk/chainguard/elasticsearch-fips-8.17-bitnami (no CPE), range: < 8.17.10-r14
  - pkg:apk/chainguard/elasticsearch-fips-8.18-bitnami (no CPE), range: < 8.18.8-r5
  - pkg:apk/chainguard/ruby3.2-elasticsearch (no CPE), range: < 9.2.0-r0
  - pkg:apk/chainguard/ruby3.3-elasticsearch (no CPE), range: < 9.2.0-r0
  - pkg:apk/chainguard/ruby3.4-elasticsearch (no CPE), range: < 9.2.0-r0
  - pkg:apk/wolfi/ruby3.2-elasticsearch (no CPE), range: < 9.2.0-r0
  - pkg:apk/wolfi/ruby3.3-elasticsearch (no CPE), range: < 9.2.0-r0
  - pkg:apk/wolfi/ruby3.4-elasticsearch (no CPE), range: < 9.2.0-r0
  - pkg:bitnami/elasticsearch (no CPE), range: < 8.18.8
  - pkg:maven/org.elasticsearch/elasticsearch (no CPE), range: >= 7.0.0, < 8.18.8
- Range: 7.0.0
References
- github.com/advisories/GHSA-56r7-h6mw-rcfv (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-37727 (ghsa, ADVISORY)
- discuss.elastic.co/t/elasticsearch-8-18-8-8-19-5-9-0-8-9-1-5-security-update-esa-2025-18/382453 (ghsa, WEB)
- github.com/elastic/elasticsearch/commit/e982eef416a5e1c2a4e94236d7d3b33b5c8d07db (ghsa, WEB)
- www.elastic.co/guide/en/elasticsearch/reference/8.18/release-notes-8.18.8.html (ghsa, WEB)