Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for Elastic Cloud Enterprise (ECE) by Elastic

    CVE-2025-37736 (GCVE-0-2025-37736)

    Vulnerability from nvd – Published: 2025-11-07 22:08 – Updated: 2026-02-26 17:47
    VLAI
    Title
    Elastic Cloud Enterprise Improper Authorization
    Summary
    Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonly user can call APIs that should not be allowed. The list of APIs that are affected by this issue is: post:/platform/configuration/security/service-accounts delete:/platform/configuration/security/service-accounts/{user_id} patch:/platform/configuration/security/service-accounts/{user_id} post:/platform/configuration/security/service-accounts/{user_id}/keys delete:/platform/configuration/security/service-accounts/{user_id}/keys/{api_key_id} patch:/user post:/users post:/users/auth/keys delete:/users/auth/keys delete:/users/auth/keys/_all delete:/users/auth/keys/{api_key_id} delete:/users/{user_id}/auth/keys delete:/users/{user_id}/auth/keys/{api_key_id} delete:/users/{user_name} patch:/users/{user_name}
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    Elastic Elastic Cloud Enterprise (ECE) Affected: 3.8.0 , ≤ 3.8.2 (semver)
    Affected: 4.0.0 , ≤ 4.0.2 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-37736",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-11T04:55:36.114423Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:47:06.540Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Elastic Cloud Enterprise (ECE)",
              "vendor": "Elastic",
              "versions": [
                {
                  "lessThanOrEqual": "3.8.2",
                  "status": "affected",
                  "version": "3.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.0.2",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eImproper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonly user can call APIs that should not be allowed. The list of APIs that are affected by this issue is:\u003c/p\u003e\u003cdiv\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003epost:/platform/configuration/security/service-accounts\u003cbr\u003edelete:/platform/configuration/security/service-accounts/{user_id}\u003cbr\u003epatch:/platform/configuration/security/service-accounts/{user_id}\u003cbr\u003epost:/platform/configuration/security/service-accounts/{user_id}/keys\u003cbr\u003edelete:/platform/configuration/security/service-accounts/{user_id}/keys/{api_key_id}\u003cbr\u003epatch:/user\u003cbr\u003epost:/users\u003cbr\u003epost:/users/auth/keys\u003cbr\u003edelete:/users/auth/keys\u003cbr\u003edelete:/users/auth/keys/_all\u003cbr\u003edelete:/users/auth/keys/{api_key_id}\u003cbr\u003edelete:/users/{user_id}/auth/keys\u003cbr\u003edelete:/users/{user_id}/auth/keys/{api_key_id}\u003cbr\u003edelete:/users/{user_name}\u003cbr\u003epatch:/users/{user_name} \u003cbr\u003e\u003c/p\u003e\u003cbr\u003e"
                }
              ],
              "value": "Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonly user can call APIs that should not be allowed. The list of APIs that are affected by this issue is:\n\n\n\n\n\npost:/platform/configuration/security/service-accounts\ndelete:/platform/configuration/security/service-accounts/{user_id}\npatch:/platform/configuration/security/service-accounts/{user_id}\npost:/platform/configuration/security/service-accounts/{user_id}/keys\ndelete:/platform/configuration/security/service-accounts/{user_id}/keys/{api_key_id}\npatch:/user\npost:/users\npost:/users/auth/keys\ndelete:/users/auth/keys\ndelete:/users/auth/keys/_all\ndelete:/users/auth/keys/{api_key_id}\ndelete:/users/{user_id}/auth/keys\ndelete:/users/{user_id}/auth/keys/{api_key_id}\ndelete:/users/{user_name}\npatch:/users/{user_name}"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-07T22:17:25.666Z",
            "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
            "shortName": "elastic"
          },
          "references": [
            {
              "url": "https://discuss.elastic.co/t/elastic-cloud-enterprise-ece-3-8-3-and-4-0-3-security-update-esa-2025-22/383132"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Elastic Cloud Enterprise Improper Authorization",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
        "assignerShortName": "elastic",
        "cveId": "CVE-2025-37736",
        "datePublished": "2025-11-07T22:08:11.891Z",
        "dateReserved": "2025-04-16T03:24:04.511Z",
        "dateUpdated": "2026-02-26T17:47:06.540Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-37729 (GCVE-0-2025-37729)

    Vulnerability from nvd – Published: 2025-10-13 13:47 – Updated: 2026-02-26 17:47
    VLAI
    Title
    Elastic Cloud Enterprise (ECE) Improper Neutralization of Special Elements Used in a Template Engine
    Summary
    Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise (ECE) can lead to a malicious actor with Admin access exfiltrating sensitive information and issuing commands via a specially crafted string where Jinjava variables are evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Elastic Elastic Cloud Enterprise (ECE) Affected: 2.5.0 , ≤ 3.8.1 (semver)
    Affected: 4.0.0 , ≤ 4.0.1 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-37729",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-21T03:55:24.935946Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:47:45.796Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Elastic Cloud Enterprise (ECE)",
              "vendor": "Elastic",
              "versions": [
                {
                  "lessThanOrEqual": "3.8.1",
                  "status": "affected",
                  "version": "2.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.0.1",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: transparent;\"\u003eImproper neutralization of special elements used in a template engine in Elastic Cloud Enterprise (ECE) can lead to a malicious actor with Admin access exfiltrating sensitive information and issuing commands via a specially crafted string where Jinjava variables are evaluated.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise (ECE) can lead to a malicious actor with Admin access exfiltrating sensitive information and issuing commands via a specially crafted string where Jinjava variables are evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1336",
                  "description": "CWE-1336",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-13T13:47:08.907Z",
            "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
            "shortName": "elastic"
          },
          "references": [
            {
              "url": "https://discuss.elastic.co/t/elastic-cloud-enterprise-ece-3-8-2-and-4-0-2-security-update-esa-2025-21/382641"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Elastic Cloud Enterprise (ECE) Improper Neutralization of Special Elements Used in a Template Engine",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
        "assignerShortName": "elastic",
        "cveId": "CVE-2025-37729",
        "datePublished": "2025-10-13T13:47:08.907Z",
        "dateReserved": "2025-04-16T03:24:04.510Z",
        "dateUpdated": "2026-02-26T17:47:45.796Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2018-3825 (GCVE-0-2018-3825)

    Vulnerability from nvd – Published: 2018-09-19 19:00 – Updated: 2024-08-05 04:57
    VLAI
    Summary
    In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable across all ECE deployments. If an attacker can connect to ZooKeeper directly they would be able to access configuration information of other tenants if their cluster ID is known.
    Severity
    No CVSS data available.
    CWE
    • CWE-321 - Use of Hard-coded Cryptographic Key
    Assigner
    References
    Impacted products
    Date Public
    2018-06-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:57:24.044Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.elastic.co/community/security"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-1-4-security-update/135778"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Elastic Cloud Enterprise (ECE)",
              "vendor": "Elastic",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 1.1.4"
                }
              ]
            }
          ],
          "datePublic": "2018-06-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable across all ECE deployments. If an attacker can connect to ZooKeeper directly they would be able to access configuration information of other tenants if their cluster ID is known."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-321",
                  "description": "CWE-321: Use of Hard-coded Cryptographic Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-19T18:57:01.000Z",
            "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
            "shortName": "elastic"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.elastic.co/community/security"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-1-4-security-update/135778"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@elastic.co",
              "ID": "CVE-2018-3825",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Elastic Cloud Enterprise (ECE)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 1.1.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Elastic"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable across all ECE deployments. If an attacker can connect to ZooKeeper directly they would be able to access configuration information of other tenants if their cluster ID is known."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-321: Use of Hard-coded Cryptographic Key"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.elastic.co/community/security",
                  "refsource": "CONFIRM",
                  "url": "https://www.elastic.co/community/security"
                },
                {
                  "name": "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-1-4-security-update/135778",
                  "refsource": "CONFIRM",
                  "url": "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-1-4-security-update/135778"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
        "assignerShortName": "elastic",
        "cveId": "CVE-2018-3825",
        "datePublished": "2018-09-19T19:00:00.000Z",
        "dateReserved": "2018-01-02T00:00:00.000Z",
        "dateUpdated": "2024-08-05T04:57:24.044Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-37736 (GCVE-0-2025-37736)

    Vulnerability from cvelistv5 – Published: 2025-11-07 22:08 – Updated: 2026-02-26 17:47
    VLAI
    Title
    Elastic Cloud Enterprise Improper Authorization
    Summary
    Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonly user can call APIs that should not be allowed. The list of APIs that are affected by this issue is: post:/platform/configuration/security/service-accounts delete:/platform/configuration/security/service-accounts/{user_id} patch:/platform/configuration/security/service-accounts/{user_id} post:/platform/configuration/security/service-accounts/{user_id}/keys delete:/platform/configuration/security/service-accounts/{user_id}/keys/{api_key_id} patch:/user post:/users post:/users/auth/keys delete:/users/auth/keys delete:/users/auth/keys/_all delete:/users/auth/keys/{api_key_id} delete:/users/{user_id}/auth/keys delete:/users/{user_id}/auth/keys/{api_key_id} delete:/users/{user_name} patch:/users/{user_name}
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    Elastic Elastic Cloud Enterprise (ECE) Affected: 3.8.0 , ≤ 3.8.2 (semver)
    Affected: 4.0.0 , ≤ 4.0.2 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-37736",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-11T04:55:36.114423Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:47:06.540Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Elastic Cloud Enterprise (ECE)",
              "vendor": "Elastic",
              "versions": [
                {
                  "lessThanOrEqual": "3.8.2",
                  "status": "affected",
                  "version": "3.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.0.2",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eImproper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonly user can call APIs that should not be allowed. The list of APIs that are affected by this issue is:\u003c/p\u003e\u003cdiv\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003epost:/platform/configuration/security/service-accounts\u003cbr\u003edelete:/platform/configuration/security/service-accounts/{user_id}\u003cbr\u003epatch:/platform/configuration/security/service-accounts/{user_id}\u003cbr\u003epost:/platform/configuration/security/service-accounts/{user_id}/keys\u003cbr\u003edelete:/platform/configuration/security/service-accounts/{user_id}/keys/{api_key_id}\u003cbr\u003epatch:/user\u003cbr\u003epost:/users\u003cbr\u003epost:/users/auth/keys\u003cbr\u003edelete:/users/auth/keys\u003cbr\u003edelete:/users/auth/keys/_all\u003cbr\u003edelete:/users/auth/keys/{api_key_id}\u003cbr\u003edelete:/users/{user_id}/auth/keys\u003cbr\u003edelete:/users/{user_id}/auth/keys/{api_key_id}\u003cbr\u003edelete:/users/{user_name}\u003cbr\u003epatch:/users/{user_name} \u003cbr\u003e\u003c/p\u003e\u003cbr\u003e"
                }
              ],
              "value": "Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonly user can call APIs that should not be allowed. The list of APIs that are affected by this issue is:\n\n\n\n\n\npost:/platform/configuration/security/service-accounts\ndelete:/platform/configuration/security/service-accounts/{user_id}\npatch:/platform/configuration/security/service-accounts/{user_id}\npost:/platform/configuration/security/service-accounts/{user_id}/keys\ndelete:/platform/configuration/security/service-accounts/{user_id}/keys/{api_key_id}\npatch:/user\npost:/users\npost:/users/auth/keys\ndelete:/users/auth/keys\ndelete:/users/auth/keys/_all\ndelete:/users/auth/keys/{api_key_id}\ndelete:/users/{user_id}/auth/keys\ndelete:/users/{user_id}/auth/keys/{api_key_id}\ndelete:/users/{user_name}\npatch:/users/{user_name}"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-07T22:17:25.666Z",
            "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
            "shortName": "elastic"
          },
          "references": [
            {
              "url": "https://discuss.elastic.co/t/elastic-cloud-enterprise-ece-3-8-3-and-4-0-3-security-update-esa-2025-22/383132"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Elastic Cloud Enterprise Improper Authorization",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
        "assignerShortName": "elastic",
        "cveId": "CVE-2025-37736",
        "datePublished": "2025-11-07T22:08:11.891Z",
        "dateReserved": "2025-04-16T03:24:04.511Z",
        "dateUpdated": "2026-02-26T17:47:06.540Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-37729 (GCVE-0-2025-37729)

    Vulnerability from cvelistv5 – Published: 2025-10-13 13:47 – Updated: 2026-02-26 17:47
    VLAI
    Title
    Elastic Cloud Enterprise (ECE) Improper Neutralization of Special Elements Used in a Template Engine
    Summary
    Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise (ECE) can lead to a malicious actor with Admin access exfiltrating sensitive information and issuing commands via a specially crafted string where Jinjava variables are evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Elastic Elastic Cloud Enterprise (ECE) Affected: 2.5.0 , ≤ 3.8.1 (semver)
    Affected: 4.0.0 , ≤ 4.0.1 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-37729",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-21T03:55:24.935946Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:47:45.796Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Elastic Cloud Enterprise (ECE)",
              "vendor": "Elastic",
              "versions": [
                {
                  "lessThanOrEqual": "3.8.1",
                  "status": "affected",
                  "version": "2.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.0.1",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: transparent;\"\u003eImproper neutralization of special elements used in a template engine in Elastic Cloud Enterprise (ECE) can lead to a malicious actor with Admin access exfiltrating sensitive information and issuing commands via a specially crafted string where Jinjava variables are evaluated.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise (ECE) can lead to a malicious actor with Admin access exfiltrating sensitive information and issuing commands via a specially crafted string where Jinjava variables are evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1336",
                  "description": "CWE-1336",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-13T13:47:08.907Z",
            "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
            "shortName": "elastic"
          },
          "references": [
            {
              "url": "https://discuss.elastic.co/t/elastic-cloud-enterprise-ece-3-8-2-and-4-0-2-security-update-esa-2025-21/382641"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Elastic Cloud Enterprise (ECE) Improper Neutralization of Special Elements Used in a Template Engine",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
        "assignerShortName": "elastic",
        "cveId": "CVE-2025-37729",
        "datePublished": "2025-10-13T13:47:08.907Z",
        "dateReserved": "2025-04-16T03:24:04.510Z",
        "dateUpdated": "2026-02-26T17:47:45.796Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2018-3825 (GCVE-0-2018-3825)

    Vulnerability from cvelistv5 – Published: 2018-09-19 19:00 – Updated: 2024-08-05 04:57
    VLAI
    Summary
    In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable across all ECE deployments. If an attacker can connect to ZooKeeper directly they would be able to access configuration information of other tenants if their cluster ID is known.
    Severity
    No CVSS data available.
    CWE
    • CWE-321 - Use of Hard-coded Cryptographic Key
    Assigner
    References
    Impacted products
    Date Public
    2018-06-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:57:24.044Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.elastic.co/community/security"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-1-4-security-update/135778"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Elastic Cloud Enterprise (ECE)",
              "vendor": "Elastic",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 1.1.4"
                }
              ]
            }
          ],
          "datePublic": "2018-06-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable across all ECE deployments. If an attacker can connect to ZooKeeper directly they would be able to access configuration information of other tenants if their cluster ID is known."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-321",
                  "description": "CWE-321: Use of Hard-coded Cryptographic Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-19T18:57:01.000Z",
            "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
            "shortName": "elastic"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.elastic.co/community/security"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-1-4-security-update/135778"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@elastic.co",
              "ID": "CVE-2018-3825",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Elastic Cloud Enterprise (ECE)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 1.1.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Elastic"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable across all ECE deployments. If an attacker can connect to ZooKeeper directly they would be able to access configuration information of other tenants if their cluster ID is known."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-321: Use of Hard-coded Cryptographic Key"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.elastic.co/community/security",
                  "refsource": "CONFIRM",
                  "url": "https://www.elastic.co/community/security"
                },
                {
                  "name": "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-1-4-security-update/135778",
                  "refsource": "CONFIRM",
                  "url": "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-1-4-security-update/135778"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
        "assignerShortName": "elastic",
        "cveId": "CVE-2018-3825",
        "datePublished": "2018-09-19T19:00:00.000Z",
        "dateReserved": "2018-01-02T00:00:00.000Z",
        "dateUpdated": "2024-08-05T04:57:24.044Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }