Unrated severityNVD Advisory· Published Oct 13, 2025· Updated Feb 26, 2026
Elastic Cloud Enterprise (ECE) Improper Neutralization of Special Elements Used in a Template Engine
CVE-2025-37729
Description
Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise (ECE) can lead to a malicious actor with Admin access exfiltrating sensitive information and issuing commands via a specially crafted string where Jinjava variables are evaluated.
Affected products
2- Elastic/Elastic Cloud Enterprise (ECE)v5Range: 2.5.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.