Moderate severity · OSV Advisory · Published Dec 18, 2025 · Updated Dec 19, 2025

Elasticsearch Allocation of Resources Without Limits or Throttling

CVE-2025-68384

Description

Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can allow a low-privileged authenticated user to cause Excessive Allocation (CAPEC-130), resulting in a persistent denial of service (OOM crash), by submitting oversized user settings data.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
org.elasticsearch.plugin:x-pack-security (Maven) | < 8.19.9 | 8.19.9
org.elasticsearch.plugin:x-pack-security (Maven) | >= 9.0.0, < 9.1.9 | 9.1.9
org.elasticsearch.plugin:x-pack-security (Maven) | >= 9.2.0, < 9.2.3 | 9.2.3

Affected products

17

References

6
