Moderate severity · OSV Advisory · Published Dec 15, 2025 · Updated Feb 26, 2026
Elasticsearch Improper Authentication
CVE-2025-37731
Description
Improper Authentication in Elasticsearch PKI realm can lead to user impersonation via specially crafted client certificates. A malicious actor would need to have such a crafted client certificate signed by a legitimate, trusted Certificate Authority.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| org.elasticsearch:elasticsearch | Maven | >= 7.0.0-alpha1, < 8.19.8 | 8.19.8 |
| org.elasticsearch:elasticsearch | Maven | >= 9.0.0-beta1, < 9.1.8 | 9.1.8 |
| org.elasticsearch:elasticsearch | Maven | >= 9.2.0, < 9.2.2 | 9.2.2 |
Affected products
- Range: v9.2.0, v9.2.1

OSV package coordinates (20 packages, none with a CPE; affected range listed per package):

| Package (purl) | Affected range |
|---|---|
| pkg:apk/chainguard/elasticsearch-fips-8.17 | < 8.17.10-r14 |
| pkg:apk/chainguard/elasticsearch-fips-8.17-bitnami | < 8.17.10-r14 |
| pkg:apk/chainguard/elasticsearch-fips-8.18 | < 8.18.8-r7 |
| pkg:apk/chainguard/elasticsearch-fips-8.18-bitnami | < 8.18.8-r7 |
| pkg:apk/chainguard/ruby3.2-elasticsearch | < 0 |
| pkg:apk/chainguard/ruby3.3-elasticsearch | < 0 |
| pkg:apk/chainguard/ruby3.4-elasticsearch | < 0 |
| pkg:apk/chainguard/ruby4.0-elasticsearch | < 9.3.0-r0 |
| pkg:apk/chainguard/sonarqube | < 25.12.0.117093-r1 |
| pkg:apk/chainguard/sonarqube-docker-compat | < 25.12.0.117093-r1 |
| pkg:apk/chainguard/sonarqube-scripts | < 25.12.0.117093-r1 |
| pkg:apk/wolfi/ruby3.2-elasticsearch | < 0 |
| pkg:apk/wolfi/ruby3.3-elasticsearch | < 0 |
| pkg:apk/wolfi/ruby3.4-elasticsearch | < 0 |
| pkg:apk/wolfi/ruby4.0-elasticsearch | < 9.3.0-r0 |
| pkg:apk/wolfi/sonarqube | < 25.12.0.117093-r1 |
| pkg:apk/wolfi/sonarqube-docker-compat | < 25.12.0.117093-r1 |
| pkg:apk/wolfi/sonarqube-scripts | < 25.12.0.117093-r1 |
| pkg:bitnami/elasticsearch | < 8.19.8 |
| pkg:maven/org.elasticsearch/elasticsearch | >= 7.0.0-alpha1, < 8.19.8 |
References
- https://github.com/advisories/GHSA-m9gh-789g-q5pv (GHSA advisory)
- https://nvd.nist.gov/vuln/detail/CVE-2025-37731 (NVD advisory)
- https://discuss.elastic.co/t/elasticsearch-8-19-8-9-1-8-and-9-2-2-security-update-esa-2025-27/384063 (Elastic security announcement ESA-2025-27)
- https://github.com/elastic/elasticsearch/commit/cd97b8566bf56e628070021300784cb9cee0286f (fix commit)
- https://github.com/elastic/elasticsearch/commit/d8a408da79f214395845d99d241e832077045983 (fix commit)
- https://github.com/elastic/elasticsearch/commit/e519fe4c51a3c887675eb7daea2f914738847f23 (fix commit)