Elastic Stack Security Announcements

Security announcements for the Elastic Stack, from the ‘Security Announcements’ category of the Discuss the Elastic Stack forum.

  • Elastic Response to Blog ‘EDR 0-Day Vulnerability’
    by Levine on August 18, 2025 at 2:09 am

    On August 16, 2025, Elastic’s Information Security team became aware of a blog and social media posts suggesting an alleged vulnerability in Elastic Defend. Having conducted a thorough investigation, Elastic’s Security Engineering team has found no evidence supporting the claims of a vulnerability that bypasses EDR monitoring and enables remote code execution. While the researcher claims to be able to trigger a crash/BSOD in the Elastic Endpoint driver from an unprivileged process, the only demonstration they have provided does so from another kernel driver. Elastic will continue to investigate and will provide updates for our customers and community, should we discover any valid security issues. We request that any detailed information that demonstrates the ability to crash the driver from an unprivileged process be shared with us at security@elastic.co.

    Background

    Elastic values its partnership with the security community. We lead a mature and proactive bug bounty program, launched in 2017, which has awarded over $600,000 in bounty payments. The security researcher making the claim submitted multiple reports to Elastic claiming Remote Code Execution (RCE) and behavior rules bypass for Elastic EDR. The reports lacked evidence of reproducible exploits. Elastic Security Engineering and our bug bounty triage team completed a thorough analysis trying to reproduce these reports and were unable to do so. Researchers are required to share reproducible proof-of-concepts; however, they declined. By not sharing full details and publicly posting, the conduct of this security researcher is contrary to the principles of coordinated disclosure.

    The Elastic Secure Software Development Framework (SSDF) ensures Elastic software is developed securely to minimize the security risks to our customers, Elastic products, and our software supply chain. The framework is aligned with best practices for secure software development, including NIST SSDF, OWASP SAMM, and BSIMM. Our product security testing program requirements include in-house and third-party testing for Software Composition Analysis (SCA), Static Secure Code Analysis (SAST), Dynamic Application Security Testing (DAST), third-party pentesting, Red Team adversarial attack simulation, and other tests. Elastic implements procedures to receive, analyze, respond to, and remediate vulnerabilities disclosed to us from all sources. Vulnerability impact assessments are performed to review and validate security findings, determine if Elastic products are affected, rate the severity, and perform remediation in accordance with the impact. For issues that have a significant security impact on Elastic products, an Elastic Security Advisory (ESA) is published to notify our users of the issue and remediations. As a CNA, Elastic assigns both a CVE and an ESA identifier to each advisory. Advisories are announced in the Security Announcements forum and published to Mitre/NVD.

  • Beats (Windows Installer) 9.1.0 Security Update (ESA-2025-12)
    by Bryan_Garcia on July 29, 2025 at 11:32 pm

    Beats Uncontrolled Search Path Element can lead to Local Privilege Escalation (LPE) when using the Windows Installer (ESA-2025-12)
    An uncontrolled search path element vulnerability can lead to local privilege escalation (LPE) via insecure directory permissions. The vulnerability arises from improper handling of directory permissions. An attacker with local access may exploit this flaw to move and delete arbitrary files, potentially gaining SYSTEM privileges.
    Affected Versions: Beats versions before (not including) 9.1.0
    Affected Configurations: The issue only affects the Windows Installer when installing Beats on Windows.
    Solutions and Mitigations: The issue is resolved in version 9.1.0.
    Severity: CVSSv3.1: 7.0 (High) – CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE ID: CVE-2025-25011

  • APM Server (Windows Installer) 8.16.3, 8.17.1 Security Update (ESA-2025-01)
    by Bryan_Garcia on July 29, 2025 at 11:30 pm

    APM Server Uncontrolled Search Path Element can lead to Local Privilege Escalation (LPE) when using the Windows Installer (ESA-2025-01)
    An uncontrolled search path element vulnerability can lead to local privilege escalation (LPE) via insecure directory permissions. The vulnerability arises from improper handling of directory permissions. An attacker with local access may exploit this flaw to move and delete arbitrary files, potentially gaining SYSTEM privileges.
    Affected Versions: APM Server versions up to and including 8.16.2, and up to and including 8.17.0.
    Affected Configurations: The issue only affects the Windows Installer when installing APM Server on Windows.
    Solutions and Mitigations: The issue is resolved in versions 8.16.3 and 8.17.1.
    Severity: CVSSv3.1: 7.0 (High) – CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE ID: CVE-2025-0712

  • Kibana 7.17.29, 8.17.8, 8.18.3, 9.0.3 Security Update (ESA-2025-10)
    by ismisepaul on June 24, 2025 at 5:01 pm

    Kibana Open Redirect (ESA-2025-10)
    URL redirection to an untrusted site (‘Open Redirect’) in Kibana can lead to sending a user to an arbitrary site and server-side request forgery via a specially crafted URL.
    Affected Versions: Kibana versions up to and including 7.17.28, 8.0.0 up to and including 8.17.7, 8.18.0 up to and including 8.18.2, and 9.0.0 up to and including 9.0.2
    Affected Configurations: Kibana installations making use of Short URLs within the Discover, Dashboard, and Visualization Library features.
    Solutions and Mitigations: The issue is resolved in versions 7.17.29, 8.17.8, 8.18.3, and 9.0.3.
    For Users that Cannot Upgrade:
    Self-hosted: Installations with a Basic license should have administrators restrict access to Kibana features which grant the ability to generate Short URLs:
      Dashboard => All
      Discover => All
      Visualize => All
      Saved Objects Management => All
      Top-level “All” privilege granted to one or more spaces
    Installations with a Gold, Platinum, or Enterprise license can restrict access to short-url creation via sub-feature privileges within the Dashboard, Discover, and Visualize features above. This will allow administrators to continue allowing read/write access to the aforementioned features, but restrict the ability to generate Short URLs.
    Cloud: Administrators should restrict access to Kibana features which grant the ability to generate Short URLs:
      Dashboard => All
      Discover => All
      Visualize => All
      Saved Objects Management => All
      Top-level “All” privilege granted to one or more spaces
    Administrators can optionally restrict access to short-url creation via sub-feature privileges within the Dashboard, Discover, and Visualize features above. This will permit read/write access to the aforementioned features, but restrict the ability to generate Short URLs.
    Severity: CVSSv3.1: 4.3 (Medium) – CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
    CVE ID: CVE-2025-25012
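
    The check that closes the open-redirect class the advisory above describes, as an added example that is not Kibana's or Elastic's code: a validator for a user-supplied redirect target that accepts only a single path on the deployment's own origin and hands back a normalised absolute URL. The origin value, the sample inputs and the function names are assumptions made for the demo.

```javascript
// Added example (not Kibana's code): validate a user-supplied redirect target
// so a short-URL style resolver can only send the browser, or a server-side
// fetch, to its own origin. KIBANA_ORIGIN is an assumed value for the demo.

const KIBANA_ORIGIN = 'https://kibana.example.com:5601';

function safeRedirectTarget(raw, origin = KIBANA_ORIGIN) {
  if (typeof raw !== 'string' || raw.length === 0 || raw.length > 2048) return null;

  // Accept only a single absolute path. This stops "//evil.example" and
  // "/\evil.example" (both become scheme-relative URLs in browsers and in the
  // WHATWG parser) as well as any absolute URL or scheme such as "javascript:".
  if (!/^\/(?![/\\])/.test(raw)) return null;

  let parsed;
  try {
    parsed = new URL(raw, origin); // resolve against our own origin
  } catch {
    return null;
  }

  // Belt and braces: whatever the parser made of the input must still be us,
  // and must carry no userinfo.
  if (parsed.origin !== origin || parsed.username || parsed.password) return null;

  // Return the normalised absolute URL, never `raw`: a path such as
  // "/app/../..//evil" normalises to the pathname "//evil", which a Location
  // header would treat as scheme-relative if only the pathname were returned.
  return parsed.href;
}

// Constructed inputs a resolver might receive; only the first is legitimate
// and only the last is a harmless same-origin oddity.
const SAMPLE_TARGETS = [
  '/app/dashboards#/view/abc',
  '//evil.example/login',
  '/\\evil.example/login',
  'https://evil.example/login',
  'javascript:alert(1)',
  '/app/../..//evil',
];

function classify(targets = SAMPLE_TARGETS) {
  return targets.map((t) => ({ input: t, redirectTo: safeRedirectTarget(t) }));
}

console.log(classify());
```

    The same validator belongs in front of any server-side fetch the short-URL feature performs, which is the SSRF half of the advisory: a target that is not a same-origin path should be refused before anything is resolved or requested.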

  • Kibana 7.17.29, 8.17.8, 8.18.3, 9.0.3 Security Update (ESA-2025-09)
    by ismisepaul on June 24, 2025 at 5:00 pm

    Kibana Heap Corruption via Crafted HTML Page due to Chromium Type Confusion (ESA-2025-09)
    On March 10, 2025, Google announced CVE-2025-2135, which can lead to heap corruption via a crafted HTML page through a Type Confusion vulnerability.
    Affected Versions: Kibana versions up to and including 7.17.28, 8.0.0 up to and including 8.17.7, 8.18.0 up to and including 8.18.2, and 9.0.0 up to and including 9.0.2
    Affected Configurations: Self-hosted and Elastic Cloud Kibana instances where PDF or PNG reporting is used. CSV reporting is not impacted. Serverless projects are not impacted.
    Solutions and Mitigations: Users should upgrade to version 7.17.29, 8.17.8, 8.18.3, or 9.0.3.
    For Users that Cannot Upgrade:
    Self-hosted:
    Disable Reporting: The Reporting feature can be disabled by adding xpack.reporting.enabled: false to the kibana.yml file.
    OR Limit access to users who can generate PDF/PNG reports to trusted accounts:
      8.x: https://www.elastic.co/guide/en/kibana/8.18/reporting-settings-kb.html#reporting-advanced-settings
      9.x: https://www.elastic.co/docs/deploy-manage/kibana-reporting-configuration#grant-user-access
    OR Configure reporting with a restrictive network policy, to prevent unauthorized redirection to an attacker-controlled site. Note: if a network policy is configured, then you must include a rule which allows Chromium to connect to Kibana for report generation to succeed. Typically, Chromium will connect to Kibana on a local interface, but this may differ based on the environment and your specific headless browser connection settings.
      # kibana.yml
      xpack.screenshotting.networkPolicy:
        rules: [ { allow: true, host: "localhost:5601" } ]
    Cloud:
    On Elastic Cloud the code execution is limited within the Kibana Docker container. Further exploitation such as container escape is prevented by seccomp-bpf and AppArmor profiles. With these counter-measures the risk is reduced.
    Users who cannot upgrade can choose to take a precautionary measure by disabling the Reporting feature for Elastic Cloud deployments. This can be achieved by modifying the Kibana user settings to include the following configuration:
      xpack.reporting.enabled: false
    Instructions for editing Kibana user settings on Elastic Cloud are available at https://www.elastic.co/docs/deploy-manage/deploy/elastic-cloud/edit-stack-settings#kibana-settings
    OR Limit access to users who can generate PDF/PNG reports to trusted accounts:
      a. 8.x: https://www.elastic.co/guide/en/kibana/8.18/reporting-settings-kb.html#reporting-advanced-settings
      b. 9.x: https://www.elastic.co/docs/deploy-manage/kibana-reporting-configuration#grant-user-access
    Severity: CVSSv3.1: 9.9 (Critical) – CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
    CVE ID: CVE-2025-2135

  • Kibana 8.12.1 Security Update (ESA-2024-21)
    by rodrigo_silva on June 10, 2025 at 4:48 pm

    Kibana Improper Authorization (ESA-2024-21)
    Improper authorization in Kibana can lead to privilege abuse via a direct HTTP request to a Synthetic monitor endpoint.
    Affected Versions: Kibana versions before and including 8.12.0.
    Solutions and Mitigations: The issue is resolved in version 8.12.1.
    For Users that Cannot Upgrade:
    Self-hosted: Users with a self-hosted deployment who cannot upgrade can disable the synthetics app OR put a block on synthetics indices.
      Disable synthetics by adding xpack.uptime.enabled: false to the kibana.yml file.
      Put an index block on the synthetics-* indices to make them read-only.
    Elastic Cloud: Users on an Elastic Cloud deployment who cannot upgrade can put a block on synthetics indices.
      Put an index block on the synthetics-* indices to make them read-only.
    Severity: High (7.6) – CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L/CR:M/IR:M/AR:M
    CVE ID: CVE-2024-43706

  • Logstash 8.17.6, 8.18.1, and 9.0.1 Security Update (ESA-2025-08)
    by ismisepaul on May 6, 2025 at 4:33 pm

    Logstash Improper Certificate Validation in TCP output (ESA-2025-08)
    Improper certificate validation in Logstash’s TCP output could lead to a man-in-the-middle (MitM) attack in “client” mode, as hostname verification in the TCP output was not being performed when ssl_verification_mode => full was set.
    Affected Versions: All versions prior to 8.17.6, as well as version 8.18.0 and version 9.0.0.
    Affected Configurations: This issue affects the TCP output plugin when run in “client” mode and ssl_verification_mode is set to full (the default).
    Solutions and Mitigations: The issue is resolved in versions 8.17.6, 8.18.1, and 9.0.1. Alternatively, users may also upgrade the TCP output plugin to 6.2.2 or 7.0.1 by running bin/logstash-plugin update logstash-output-tcp.
    Severity: CVSSv3.1: 5.9 (Medium) – CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
    CVE ID: CVE-2025-37730
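
    What ssl_verification_mode => full is supposed to add over certificate, as an added example that is not the Logstash plugin's code: the client side of a TLS connection evaluated under the three modes, with a hand-written RFC 6125-style subjectAltName matcher, run against a constructed certificate that chains to a trusted CA but was issued for an attacker's own name. The certificate objects, the chainValid flag that stands in for chain validation, and the hostnames are assumptions for the demo.

```javascript
// Added example, not the Logstash plugin's code: the client side of a TLS
// connection under the three ssl_verification_mode values (none,
// certificate, full), with a hand-written RFC 6125-style subjectAltName
// matcher. Certificates are plain objects constructed here; chain validation
// is stood in for by a `chainValid` flag, because the step ESA-2025-08 is
// about is the hostname check that only "full" is supposed to add.

const IPV4 = /^\d{1,3}(\.\d{1,3}){3}$/;

function hostnameMatches(hostname, sans) {
  const host = hostname.toLowerCase().replace(/\.$/, '');
  const hostIsIp = IPV4.test(host) || host.includes(':');
  const hostLabels = host.split('.');

  for (const san of sans) {
    if (san.type === 'IP') {
      if (hostIsIp && san.value === host) return true;
      continue;
    }
    if (san.type !== 'DNS' || hostIsIp) continue; // a DNS name never covers an IP literal

    const pattern = san.value.toLowerCase().replace(/\.$/, '');
    if (pattern === host) return true;

    // Wildcard rules: "*" is only allowed as the whole leftmost label, needs
    // at least two labels to its right ("*.com" is not a name), and matches
    // exactly one non-empty label, so "*.example.com" covers neither
    // "a.b.example.com" nor "example.com".
    const patternLabels = pattern.split('.');
    if (
      patternLabels[0] === '*' &&
      patternLabels.length >= 3 &&
      hostLabels.length === patternLabels.length &&
      hostLabels[0] !== '' &&
      hostLabels.slice(1).join('.') === patternLabels.slice(1).join('.')
    ) {
      return true;
    }
  }
  return false;
}

// none: trust anything; certificate: chain only; full: chain and name.
function verifyPeer({ hostname, mode }, cert) {
  const chainFailure = { ok: false, reason: 'chain does not lead to a trusted CA' };
  switch (mode) {
    case 'none':
      return { ok: true, reason: 'verification disabled' };
    case 'certificate':
      return cert.chainValid ? { ok: true, reason: 'chain valid; hostname not checked' } : chainFailure;
    case 'full':
      if (!cert.chainValid) return chainFailure;
      return hostnameMatches(hostname, cert.sans)
        ? { ok: true, reason: 'chain valid and name matches' }
        : { ok: false, reason: `certificate is not valid for ${hostname}` };
    default:
      throw new Error(`unknown ssl_verification_mode: ${mode}`);
  }
}

// Constructed certificates. The MITM one chains to a trusted CA perfectly
// well; it was simply issued for a name the attacker controls.
const LEGIT_CERT = { sans: [{ type: 'DNS', value: 'logs.example.com' }], chainValid: true };
const MITM_CERT = { sans: [{ type: 'DNS', value: '*.attacker.example' }], chainValid: true };

// What a client configured to talk to logs.example.com decides when the
// MITM certificate is presented, per mode.
function mitmAccepted(mode) {
  return verifyPeer({ hostname: 'logs.example.com', mode }, MITM_CERT).ok;
}

console.log('MITM cert accepted in certificate mode:', mitmAccepted('certificate'));
console.log('MITM cert accepted in full mode:', mitmAccepted('full'));
```

    The "certificate" outcome is what the affected plugin effectively delivered even when full was configured: a chain that validates says nothing about who is at the other end of the socket, which is exactly the gap an on-path attacker with any publicly trusted certificate needs. In Node the production equivalent of hostnameMatches is tls.checkServerIdentity, which a TLS client runs automatically unless it is overridden.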

  • Kibana 8.17.6, 8.18.1, or 9.0.1 Security Update (ESA-2025-07)
    by ismisepaul on May 6, 2025 at 4:29 pm

    Kibana arbitrary code execution via prototype pollution (ESA-2025-07)
    A prototype pollution vulnerability in Kibana leads to arbitrary code execution via crafted HTTP requests to machine learning and reporting endpoints.
    Affected Versions: 8.3.0 to 8.17.5, 8.18.0, and 9.0.0
    Affected Configurations: Self-hosted and Elastic Cloud deployments with both Kibana’s Machine Learning and Reporting features enabled.
    Solutions and Mitigations: Users should upgrade to version 8.17.6, 8.18.1, or 9.0.1.
    For Users that Cannot Upgrade:
    Self-hosted: Users with a self-hosted deployment who cannot upgrade should disable either Machine Learning OR Reporting.
      Disable Machine Learning: The Machine Learning feature can be disabled by adding xpack.ml.enabled: false to the elasticsearch.yml file. Alternatively, users can disable just the anomaly detection feature by adding xpack.ml.ad.enabled: false to the kibana.yml file.
      OR Disable Reporting: The Reporting feature can be disabled by adding xpack.reporting.enabled: false to the kibana.yml file.
    Elastic Cloud: On Elastic Cloud the code execution is limited within the Kibana Docker container. Further exploitation such as container escape is prevented by seccomp-bpf and AppArmor profiles. With these counter-measures the risk is reduced. Users who cannot upgrade can choose to take a further measure by disabling the “Reporting” feature for Elastic Cloud deployments. This can be achieved by modifying the Kibana user settings to include the following configuration:
      xpack.reporting.enabled: false
    Instructions for editing Kibana user settings on Elastic Cloud are available at https://www.elastic.co/docs/deploy-manage/deploy/elastic-cloud/edit-stack-settings#kibana-settings
    Severity: CVSSv3.1: 9.1 (Critical) – CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
    CVE ID: CVE-2025-25014
    Changes:
      2025-05-14: Created separate sections for self-hosted and Elastic Cloud under the section “For Users that Cannot Upgrade:”. Clarification on what counter-measures are in place for Elastic Cloud hosted deployments and made clear what configuration changes can be achieved based on deployment.
      2025-05-08: Previously the document stated that xpack.ml.enabled: false is set in the kibana.yml file; however, this should have read elasticsearch.yml. The document has been updated accordingly.

  • Kibana 7.17.24 and 8.12.0 Security Update (ESA-2024-20)
    by ismisepaul on May 1, 2025 at 11:34 am

    Kibana Unrestricted Upload of File with Dangerous Type Can Lead to XSS (ESA-2024-20)
    Unrestricted upload of a file with dangerous type in Kibana can lead to arbitrary JavaScript execution in a victim’s browser (XSS) via crafted HTML and JavaScript files. The attacker must have access to the Synthetics app AND/OR have access to write to the synthetics indices.
    Affected Versions: 7.17.6 up to and including 7.17.23 and 8.4.0 up to and including 8.11.4
    Solutions and Mitigations: The issue is resolved in Kibana 7.17.24 and 8.12.0
    Severity: CVSSv3: 5.4 (Medium) – CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
    CVE ID: CVE-2024-11390

  • Kibana 7.17.19 and 8.13.0 Security Update (ESA-2024-47)
    by ismisepaul on May 1, 2025 at 10:15 am

    Kibana Unrestricted Upload of File (ESA-2024-47)
    Unrestricted file upload in Kibana allows an authenticated attacker to compromise software integrity by uploading a crafted malicious file due to insufficient server-side validation.
    Affected Versions: 7.17.0 to 7.17.18 and 8.0.0 to 8.12.3
    Solutions and Mitigations: The issue is resolved in version 7.17.19 or higher, and 8.13.0 or higher.
    Severity: CVSSv3.1: 4.3 (Medium) – CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
    CVE ID: CVE-2025-25016

  • APM Server 8.16.1 Security Update (ESA-2024-41)
    by ismisepaul on May 1, 2025 at 10:14 am

    APM Server Insertion of Sensitive Information into Log File (ESA-2024-41)
    APM Server logs could contain parts of the document body from a partially failed bulk index request. Depending on the nature of the document, this could disclose sensitive information in APM Server error logs.
    Affected Versions: APM Server versions > 8.0.0 and < 8.16.1
    Solutions and Mitigations: The issue is resolved in version 8.16.1
    Severity: CVSSv3: 5.7 (Medium) – AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
    CVE ID: CVE-2024-11994

  • Elasticsearch 7.17.25 and 8.16.0 Security Update (ESA-2024-40)
    by ismisepaul on May 1, 2025 at 10:13 am

    Elasticsearch Uncontrolled Resource Consumption vulnerability (ESA-2024-40)
    Uncontrolled Resource Consumption in Elasticsearch while evaluating specifically crafted search templates with Mustache functions can lead to Denial of Service by causing the Elasticsearch node to crash.
    Affected Versions: Elasticsearch versions < 7.17.25 and Elasticsearch versions < 8.16.0
    Solutions and Mitigations: The issue is resolved in versions 7.17.25 and 8.16.0
    Severity: CVSSv3.1: 6.5 (Medium) – AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE ID: CVE-2024-52979

  • Elastic Agent 7.17.25 and 8.15.4 Security Update (ESA-2024-39)
    by ismisepaul on May 1, 2025 at 10:11 am

    Elastic Agent Inclusion of Functionality from Untrusted Control Sphere (ESA-2024-39)
    Inclusion of functionality from an untrusted control sphere in the Elastic Agent subprocess, osqueryd, allows local attackers to execute arbitrary code via parameter injection. An attacker requires local access and the ability to modify osqueryd configurations.
    Affected Versions: Elastic Agent <= 7.17.24 and Elastic Agent <= 8.15.3
    Solutions and Mitigations: The issue is resolved in version 7.17.25 and 8.15.4 or greater.
    Severity: CVSSv3.1: 4.4 (Medium) – CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
    CVE ID: CVE-2024-52976

  • Logstash 8.15.3 Security Update (ESA-2024-38)
    by ismisepaul on May 1, 2025 at 10:10 am

    Logstash affected by CVE-2024-47561 in Apache Avro (ESA-2024-38)
    On October 3, 2024, CVE-2024-47561 was published, which can lead to execution of arbitrary code. The issue only affects users using the Kafka integration plugin and only if a malicious schema is loaded through the schema registry. Additionally, both the Kafka input and output plugins are also vulnerable if a user has created Serializer/Deserializer classes that take an Avro Schema.
    Affected Versions: <= 8.15.2
    Solutions and Mitigations: Users should upgrade to Logstash version 8.15.3 where Apache Avro has been updated to version 11.5.2.
    For Users that Cannot Upgrade: Users can manually upgrade the logstash-integration-kafka plugin to 11.5.2
    Severity: CVSSv3.1: 7.2 (High) – CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
    CVE ID: CVE-2024-47561

  • Elastic Agent / Elastic Endpoint Security Security Update (ESA-2025-03)
    by ismisepaul on May 1, 2025 at 10:06 am

    Elastic Agent / Elastic Endpoint Security local API key disclosure (ESA-2025-03)
    Exposure of sensitive information to local unauthorized actors in Elastic Agent and Elastic Security Endpoint can lead to loss of confidentiality and impersonation of Endpoint to the Elastic Stack. This issue was identified by Elastic engineers and Elastic has no indication that it is known or has been exploited by malicious actors.
    Affected Versions: Elastic Agent and Elastic Endpoint Security versions < 8.15.0
    Solutions and Mitigations: The issue is resolved in version 8.15.0.
    Severity: CVSSv3.1: 6.2 (Medium) – AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    CVE ID: CVE-2023-46669

  • Elasticsearch 7.17.24 and 8.15.1 Security Update (ESA-2024-37)
    by Bryan_Garcia on April 8, 2025 at 4:00 pm

    Elasticsearch Uncontrolled Resource Consumption vulnerability (ESA-2024-37)
    An issue was discovered in Elasticsearch, where a large recursion using the Well-Known Text formatted string with nested GeometryCollection objects could cause a stack overflow.
    Affected Versions: Elasticsearch versions 7.17.0 to 7.17.23 and 8.0 to 8.15.0.
    Solutions and Mitigations: Users should upgrade to version 7.17.24 or higher, or version 8.15.1 or higher.
    Severity: CVSS v3.1: 4.9 (Medium) – CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/CR:M/IR:M/AR:M
    CVE ID: CVE-2024-52981
    2025-04-25 Update: added version 7.17.24 to solutions and mitigations

  • Kibana 7.17.23 and 8.15.1 Security Update (ESA-2024-36)
    by Bryan_Garcia on April 8, 2025 at 3:59 pm

    Kibana Uncontrolled Resource Consumption vulnerability (ESA-2024-36)
    An issue has been identified where a specially crafted request sent to an Observability API could cause the Kibana server to crash. A successful attack requires a malicious user to have read permissions for Observability assigned to them.
    Affected Versions: Kibana versions 7.17.0 to 7.17.22 and versions 8.0.0 to 8.15.0.
    Solutions and Mitigations: Users should upgrade to version 8.15.1 or higher.
    Severity: CVSS v3.1: 6.5 (Medium) – CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE ID: CVE-2024-52974

  • Logstash 8.15.3, 8.16.0 Security Update (ESA-2024-48)
    by ismisepaul on April 8, 2025 at 3:58 pm

    Logstash Inefficient Regular Expression Complexity (ESA-2024-48)
    On October 28th, 2024, Ruby announced CVE-2024-49761 in rexml, which can lead to ReDoS when parsing XML that has many digits between &# and x…; in a hex numeric character reference (&#x…;). The issue only affects users that use the Logstash XML filter plugin to parse untrusted XML data.
    Affected Versions: Logstash versions 7.0.0 up to and including 8.15.2
    Solutions and Mitigations: The issue is resolved in versions 8.15.3, 8.16.0 and higher.
    Severity: CVSSv3.1: 5.3 (Medium) – CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
    CVE ID: CVE-2024-49761

  • Elastic Defend 8.17.3 Security Update (ESA-2025-05)
    by ismisepaul on April 8, 2025 at 3:57 pm

    Elastic Defend Insertion of Sensitive Information into Log Files (ESA-2025-05)
    Improper restriction of environment variables in Elastic Defend can lead to exposure of sensitive information such as API keys and tokens via automatic transmission of unfiltered environment variables to the stack. This issue only affects users running Elastic Defend on the macOS platform.
    Affected Versions: Elastic Defend versions before 8.17.3
    Solutions and Mitigations: The issue is resolved in version 8.17.3 and higher
    Severity: CVSSv3.1: 6.5 (Medium) – CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
    CVE ID: CVE-2025-25013

  • Logstash 8.15.1 Security Update (ESA-2024-35)
    by Bryan_Garcia on April 8, 2025 at 3:56 pm

    Logstash Uncontrolled Resource Consumption vulnerability (ESA-2024-35)
    On August 19, 2024, Floraison announced CVE-2024-43380, which affects the fugit “natural” parser. The parser turns natural language into a cron date and was found to accept any length of input, causing uncontrolled resource consumption when parsing very long strings.
    Affected Versions: Logstash versions 7.17.0 to 8.15.0.
    Solutions and Mitigations: Users should upgrade to version 8.15.1 or higher.
    Severity: CVSS v3.1: 5.3 (Medium) – CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
    CVE ID: CVE-2024-43380

  • Elasticsearch 8.15.1 Security Update (ESA-2024-34)
    by Bryan_Garcia on April 8, 2025 at 3:54 pm

    Elasticsearch Uncontrolled Resource Consumption vulnerability (ESA-2024-34)
    A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash. A successful attack requires a malicious user to have the read_pipeline Elasticsearch cluster privilege assigned to them.
    Affected Versions: Elasticsearch versions 7.17.0 to 8.15.0.
    Solutions and Mitigations: Users should upgrade to version 8.15.1 or higher.
    For Users That Cannot Upgrade: Remove the Elasticsearch cluster privileges outlined above from users.
    Severity: CVSS v3.1: 6.5 (Medium) – CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE ID: CVE-2024-52980
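
    The failure mode shared by ESA-2024-37 (nested GeometryCollection in WKT) and ESA-2024-34 above, recursion whose depth is set by attacker-controlled input, as an added example that is not Elasticsearch's code: a small recursive-descent parser for a WKT subset, first without any limit, then with a depth cap that turns a stack overflow into a controlled rejection. The grammar subset, the MAX_DEPTH value, the helper names and the 200000-level input are assumptions made for the demo.

```javascript
// Added example, not Elasticsearch code: a recursive-descent parser for a
// WKT subset (POINT and GEOMETRYCOLLECTION) that, like any parser whose
// recursion depth follows the input, overflows the stack on deeply nested
// input unless the depth is capped. Grammar subset, MAX_DEPTH and helper
// names are assumptions made for this demo.

const MAX_DEPTH = 32; // assumed limit; far above any real geometry collection

function tokenize(wkt) {
  const tokens = wkt.match(/[A-Za-z]+|[(),]|-?\d+(?:\.\d+)?/g) || [];
  // Anything the tokenizer skipped other than whitespace is a syntax error.
  if (tokens.join('') !== wkt.replace(/\s+/g, '')) {
    throw new Error('unexpected characters in WKT');
  }
  return tokens.map((t) => (/^[A-Za-z]/.test(t) ? t.toUpperCase() : t));
}

function expectToken(tokens, pos, want) {
  const got = tokens[pos.i++];
  if (got !== want) throw new Error(`expected ${want}, got ${got}`);
}

// depth is the number of GEOMETRYCOLLECTION levels above this geometry.
function parseGeometry(tokens, pos, depth, maxDepth) {
  if (depth > maxDepth) throw new Error(`nesting exceeds ${maxDepth} levels`);
  const keyword = tokens[pos.i++];

  if (keyword === 'POINT') {
    expectToken(tokens, pos, '(');
    const x = Number(tokens[pos.i++]);
    const y = Number(tokens[pos.i++]);
    if (Number.isNaN(x) || Number.isNaN(y)) throw new Error('bad coordinates');
    expectToken(tokens, pos, ')');
    return { type: 'Point', coordinates: [x, y] };
  }

  if (keyword === 'GEOMETRYCOLLECTION') {
    if (tokens[pos.i] === 'EMPTY') {
      pos.i++;
      return { type: 'GeometryCollection', geometries: [] };
    }
    expectToken(tokens, pos, '(');
    const geometries = [parseGeometry(tokens, pos, depth + 1, maxDepth)];
    while (tokens[pos.i] === ',') {
      pos.i++;
      geometries.push(parseGeometry(tokens, pos, depth + 1, maxDepth));
    }
    expectToken(tokens, pos, ')');
    return { type: 'GeometryCollection', geometries };
  }

  throw new Error(`unsupported geometry: ${keyword}`);
}

// Capped parser (the fix). Pass Infinity as maxDepth to get the unbounded one.
function parseWkt(wkt, maxDepth = MAX_DEPTH) {
  const tokens = tokenize(wkt);
  const pos = { i: 0 };
  const geometry = parseGeometry(tokens, pos, 0, maxDepth);
  if (pos.i !== tokens.length) throw new Error('trailing input after geometry');
  return geometry;
}

// Returns null on success, otherwise the error, so a controlled rejection
// (plain Error) can be told apart from a stack overflow (RangeError).
function tryParse(wkt, maxDepth = MAX_DEPTH) {
  try {
    parseWkt(wkt, maxDepth);
    return null;
  } catch (e) {
    return e;
  }
}

// Constructed attacker input: n nested collections around a single point.
function nestedCollection(n) {
  return 'GEOMETRYCOLLECTION('.repeat(n) + 'POINT(0 0)' + ')'.repeat(n);
}

function overflowsUnbounded(n) {
  return tryParse(nestedCollection(n), Infinity) instanceof RangeError;
}

console.log('unbounded parser overflows on 200000 levels:', overflowsUnbounded(200000));
console.log('capped parser on 33 levels:', String(tryParse(nestedCollection(33))));
```

    The cap is checked before the recursive call is made, so the rejection costs one comparison per level rather than a stack frame; in a JVM process such as an Elasticsearch node the uncaught equivalent is a StackOverflowError, which is why the advisories rate this as availability impact on the whole node.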

  • Kibana 8.16.4 and 8.17.2 Security Update (ESA-2025-02)
    by ismisepaul on April 8, 2025 at 3:53 pm

    Kibana Prototype Pollution can lead to code injection (ESA-2025-02)
    Prototype Pollution in Kibana can lead to code injection via unrestricted file upload combined with path traversal.
    Affected Versions: Kibana versions 8.16.1 up to and including 8.16.3, and 8.17.0 up to and including 8.17.1
    Solutions and Mitigations: Users should upgrade to version 8.16.4 or 8.17.2 or higher.
    For Users that cannot upgrade: Customers who cannot upgrade to 8.16.4 or 8.17.2 can disable the integration assistant by setting xpack.integration_assistant.enabled: false in their kibana.yml configuration file.
    Severity: CVSS v3.1: 8.7 (High) – CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
    CVE ID: CVE-2024-12556
    2025-06-05: Previously, the communicated affected versions suggested that 8.16.4 was affected. This has been updated to clarify that 8.16.4 is not affected.

  • Kibana 8.17.3 / 8.16.6 Security Update (ESA-2025-06)
    by ikakavas on March 5, 2025 at 9:41 am

    Kibana arbitrary code execution via prototype pollution (ESA-2025-06)
    Prototype pollution in Kibana leads to arbitrary code execution via a crafted file upload and specifically crafted HTTP requests. In Kibana versions >= 8.15.0 and < 8.17.1, this is exploitable by users with the Viewer role. In Kibana versions 8.17.1 and 8.17.2, this is only exploitable by users that have roles that contain all of the following privileges: fleet-all, integrations-all, actions:execute-advanced-connectors.
    This issue does not affect self-managed Kibana instances on Basic or Platinum licences. However, self-managed Kibana users on an Enterprise licence are affected as the vulnerable functionality is enabled. This issue affects Kibana instances running on Elastic Cloud but the code execution is limited within the Kibana Docker container. Further exploitation such as container escape is prevented by seccomp-bpf and AppArmor profiles.
    Affected Versions:
      Kibana versions >= 8.15.0 and < 8.16.6
      Kibana versions >= 8.17.0 and < 8.17.3
    Solutions and Mitigations: Users should upgrade to Kibana version 8.16.6 or Kibana version 8.17.3.
    For users that cannot upgrade: Set xpack.integration_assistant.enabled: false in Kibana’s configuration.
    Severity: CVSSv3.1: 9.9 (Critical) – CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
    CVE ID: CVE-2025-25015
    Updates:
      2025-04-02: Added details about affected versions.
      2025-03-07: Added details about applicability.
      2025-03-06: Corrected the CVE ID. Previous versions of this page incorrectly referenced CVE-2025-25012.
      2025-07-10: Clarified that users on an Enterprise license are affected.
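
    The bug class behind ESA-2025-07, ESA-2025-02 and ESA-2025-06 above, as an added example that is not Kibana's or Elastic's code: a recursive merge of user-controlled JSON (a request body, an uploaded file) into a server-side object, in the form it is usually written next to a hardened form. The payload, the config target, the isAdmin property and the function names are constructed for the demo; the advisories do not disclose which Kibana code path was involved.

```javascript
// Added example, not Kibana code: a recursive merge of user-controlled JSON
// into a server-side object, first as typically written (vulnerable), then
// with the checks that stop prototype pollution. The payload, the `config`
// target and the `isAdmin` property are constructed for this demo.

function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

// Vulnerable: every key is trusted, so "__proto__" in the source walks into
// Object.prototype and the attacker's properties appear on every object.
function mergeUnsafe(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (isPlainObject(value)) {
      if (!isPlainObject(target[key])) target[key] = {};
      mergeUnsafe(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Hardened: reject keys that reach the prototype chain, only descend into the
// target's own plain-object properties, and create prototype-less containers
// for anything new.
function mergeSafe(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) throw new Error(`refusing to merge key "${key}"`);
    const value = source[key];
    if (isPlainObject(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || !isPlainObject(target[key])) target[key] = Object.create(null);
      mergeSafe(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed request body: one legitimate setting plus the pollution gadget.
const PAYLOAD_JSON = '{"settings":{"theme":"dark"},"__proto__":{"isAdmin":true}}';

// Runs one merge strategy against a fresh target and reports whether an
// unrelated object gained the attacker's property. Cleans up afterwards so
// the two strategies can be compared in any order.
function demonstrate(merge) {
  const config = {};
  let error = null;
  try {
    merge(config, JSON.parse(PAYLOAD_JSON)); // JSON.parse keeps "__proto__" as an own key
  } catch (e) {
    error = e.message;
  }
  const unrelated = {};
  const result = { polluted: unrelated.isAdmin === true, error };
  delete Object.prototype.isAdmin;
  return result;
}

console.log('unsafe:', demonstrate(mergeUnsafe));
console.log('safe:  ', demonstrate(mergeSafe));
```

    Pollution on its own changes nothing visible; it becomes code execution when code that runs later reads a property it never set, for instance an options object handed to a child process or a template engine, and finds the attacker's value there. That is why the advisories pair the pollution with a second endpoint (reporting, machine learning, a file upload) as the trigger.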

  • Kibana 7.17.23/8.15.0 Security Updates (ESA-2024-32, ESA-2024-33)
    by ikakavas on January 23, 2025 at 5:52 am

    Kibana allocation of resources without limits or throttling leads to crash (ESA-2024-33)
    An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted request to /api/metrics/snapshot. This can be carried out by users with read access to the Observability Metrics or Logs features in Kibana.
    Affected Versions: Kibana versions up to and including 7.17.22 and 8.0.0 up to and including 8.14.3
    Solutions and Mitigations: The issue is resolved in versions 7.17.23 and 8.15.0
    Severity: CVSSv3.1: 6.5 (Medium) – CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE ID: CVE-2024-52972

    Kibana allocation of resources without limits or throttling leads to crash (ESA-2024-32)
    An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted payload to a number of inputs in the Kibana UI. This can be carried out by users with read access to any feature in Kibana.
    Affected Versions: Kibana versions up to and including 7.17.22 and 8.0.0 up to and including 8.14.3
    Solutions and Mitigations: The issue is resolved in versions 7.17.23 and 8.15.0
    Severity: CVSSv3.1: 6.5 (Medium) – CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE ID: CVE-2024-43708
    2025-05-14: Wording updated in the “Affected Versions” section to improve the clarity around the affected versions.

  • Fleet Server 8.15.0 Security Update (ESA-2024-31)
    by ikakavas on January 22, 2025 at 3:09 pm

    Fleet Server sensitive information exposure via logs (ESA-2024-31)
    An issue was identified in Fleet Server where Fleet policies that could contain sensitive information were logged at the INFO and ERROR log levels. The nature of the sensitive information largely depends on the integrations enabled.
    Affected Versions: Fleet Server versions from 8.13.0 up to 8.15.0
    Solutions and Mitigations: Users should upgrade to version 8.15.0
    Severity: CVSSv3.1: 9.0 (Critical) – CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
    CVE ID: CVE-2024-52975
