Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now

Elastic — Vulnerabilities & Security Advisories 222

Browse all 222 CVE security advisories affecting Elastic. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top 10 Products Elastic:KibanaElasticsearchLogstashPacketbeatElastic X-Pack SecurityElastic Cloud EnterpriseAPM ServerElastic AgentX-Pack SecurityBeatsElastic Cloud Enterprise (ECE)Elastic Enterprise SearchElastic DefendMetricbeatFleet ServerFilebeatElastic Endpoint SecurityElastic Cloud on KubernetesElastic App SearchElasticsearch X-Pack Machine LearningElasticsearch X-Pack SecurityElastic Agent and Elastic DefendKibana X-Pack SecurityElastic X-Pack ReportingElastic Network Drive ConnectorElastic X-Pack AlertingEnterprise SearchElasticsearch-HadoopElastic Sharepoint Online Python ConnectorElastic APM Java Agent
CVE IDTitleCVSSSeverityPaused
CVE-2025-68382 Packetbeat Out-of-bounds Read — PacketbeatCWE-125 6.5 Medium2025-12-18
CVE-2025-68381 Packetbeat Improper Bounds Check — PacketbeatCWE-787 6.5 Medium2025-12-18
CVE-2025-68388 Elastic Packetbeat 安全漏洞 — PacketbeatCWE-770 5.3 Medium2025-12-18
CVE-2025-37731 Elasticsearch Improper Authentication — ElasticsearchCWE-287 6.8 Medium2025-12-15
CVE-2025-37732 Kibana Cross-site Scripting via the Integration Package Upload Functionality — KibanaCWE-79 5.4 Medium2025-12-15
CVE-2025-37734 Kibana Origin Validation Error — KibanaCWE-346 4.3 Medium2025-11-12
CVE-2025-37736 Elastic Cloud Enterprise Improper Authorization — Elastic Cloud Enterprise (ECE)CWE-863 8.8 High2025-11-07
CVE-2025-37735 Elastic Defend 安全漏洞 — KibanaCWE-281 7.0 High2025-11-06
CVE-2025-37729 Elastic Cloud Enterprise (ECE) Improper Neutralization of Special Elements Used in a Template Engine — Elastic Cloud Enterprise (ECE)CWE-1336 9.1 Critical2025-10-13
CVE-2025-37727 Elasticsearch Insertion of sensitive information in log file — ElasticsearchCWE-532 5.7 Medium2025-10-10
CVE-2025-25017 Kibana Stored Cross-Site Scripting (XSS) — KibanaCWE-79 8.2 High2025-10-10
CVE-2025-25018 Kibana Stored Cross-Site Scripting (XSS) — KibanaCWE-79 8.7 High2025-10-10
CVE-2025-25009 Kibana Cross-Site Scripting (XSS) — KibanaCWE-79 8.7 High2025-10-07
CVE-2025-37728 Kibana Insufficiently Protected Credentials in the CrowdStrike Connector — KibanaCWE-522 5.4 Medium2025-10-07
CVE-2025-25010 Kibana privilege escalation via reporting_user role — KibanaCWE-863 6.5 Medium2025-08-28
CVE-2025-25011 Beats Uncontrolled Search Path Element can lead to Local Privilege Escalation (LPE) when using the Windows Installer — BeatsCWE-427 7.0 High2025-07-30
CVE-2025-0712 APM Server Uncontrolled Search Path Element can lead to Local Privilege Escalation (LPE) when using the Windows Installer — APM ServerCWE-427 7.0 High2025-07-30
CVE-2025-25012 Kibana Open Redirect — KibanaCWE-601 4.3 Medium2025-06-25
CVE-2024-43706 Kibana Improper Authorization — KibanaCWE-285 7.6 High2025-06-10
CVE-2025-25014 Kibana arbitrary code execution via prototype pollution — KibanaCWE-1321 9.1 Critical2025-05-06
CVE-2025-37730 Logstash Improper Certificate Validation in TCP output — LogstashCWE-295 6.5 Medium2025-05-06
CVE-2024-52979 Elasticsearch Uncontrolled Resource Consumption vulnerability — ElasticsearchCWE-400 6.5 Medium2025-05-01
CVE-2024-11390 Kibana Unrestricted Upload of File with Dangerous Type Can Lead to XSS — KibanaCWE-434 5.4 Medium2025-05-01
CVE-2025-25016 Kibana Unrestricted Upload of File — KibanaCWE-434 4.3 Medium2025-05-01
CVE-2024-11994 APM Server Insertion of Sensitive Information into Log File — APM ServerCWE-200 5.7 Medium2025-05-01
CVE-2024-52976 Elastic Agent Inclusion of Functionality from Untrusted Control Sphere — Elastic AgentCWE-829 4.4 Medium2025-05-01
CVE-2023-46669 Elastic Agent / Elastic Endpoint Security local API key disclosure — Elastic Agent and Elastic DefendCWE-200 6.2 Medium2025-05-01
CVE-2025-25013 Elastic Defend Insertion of Sensitive Information into Log Files — Elastic DefendCWE-532 6.5 Medium2025-04-08
CVE-2024-12556 Kibana Prototype Pollution can lead to code injection — KibanaCWE-1321 8.7 High2025-04-08
CVE-2024-52981 Elastic Elasticsearch 资源管理错误漏洞 — ElasticsearchCWE-400 4.9 Medium2025-04-08

This page lists every published CVE security advisory associated with Elastic. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.