VYPR
Moderate severityOSV Advisory· Published Dec 18, 2025· Updated Dec 19, 2025

Elasticsearch Allocation of Resources Without Limits or Throttling

CVE-2025-68390

Description

Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can allow an authenticated user with snapshot restore privileges to cause Excessive Allocation (CAPEC-130) of memory and a denial of service (DoS) via crafted HTTP request.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.elasticsearch.plugin:x-pack-coreMaven
< 8.19.88.19.8
org.elasticsearch.plugin:x-pack-coreMaven
>= 9.0.0, < 9.1.89.1.8
org.elasticsearch.plugin:x-pack-coreMaven
>= 9.2.0, < 9.2.29.2.2

Affected products

23

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.