Moderate severity · OSV Advisory · Published Dec 15, 2025 · Updated Feb 26, 2026

Elasticsearch Improper Authentication

CVE-2025-37731

Description

Improper Authentication in Elasticsearch PKI realm can lead to user impersonation via specially crafted client certificates. A malicious actor would need to have such a crafted client certificate signed by a legitimate, trusted Certificate Authority.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package                                   Affected versions             Patched versions
org.elasticsearch:elasticsearch (Maven)   >= 7.0.0-alpha1, < 8.19.8     8.19.8
org.elasticsearch:elasticsearch (Maven)   >= 9.0.0-beta1, < 9.1.8       9.1.8
org.elasticsearch:elasticsearch (Maven)   >= 9.2.0, < 9.2.2             9.2.2
