Unrated severityNVD Advisory· Published Oct 13, 2025· Updated Feb 26, 2026
Elastic Cloud Enterprise (ECE) Improper Neutralization of Special Elements Used in a Template Engine
CVE-2025-37729
Description
Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise (ECE) can lead to a malicious actor with Admin access exfiltrating sensitive information and issuing commands via a specially crafted string where Jinjava variables are evaluated.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: 2.5.0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.