CVE-2025-37728
published 2025-10-07CVE-2025-37728: Insufficiently Protected Credentials in the Crowdstrike connector can lead to Crowdstrike credentials being leaked. A malicious user can access cached…
PriorityP429medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
EPSS
0.23%
13.3th percentile
Insufficiently Protected Credentials in the Crowdstrike connector can lead to Crowdstrike credentials being leaked. A malicious user can access cached credentials from a Crowdstrike connector in another space by creating and running a Crowdstrike connector in a space to which they have access.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| elastic | kibana | 7.0.0 – 7.17.29 | — |
| elastic | kibana | 8.14.0 – 8.18.7 | — |
| elastic | kibana | 8.19.0 – 8.19.4 | — |
| elastic | kibana | 9.0.0 – 9.0.7 | — |
| elastic | kibana | 9.1.0 – 9.1.4 | — |
CVSS provenance
nvdv3.15.4MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
vendor_redhat5.4MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-58ch-j8rc-9wfq: Insufficiently Protected Credentials in the Crowdstrike connector can lead to Crowdstrike credentials being leaked
ghsa_unreviewed·2025-10-07
CVE-2025-37728 [MEDIUM] CWE-522 GHSA-58ch-j8rc-9wfq: Insufficiently Protected Credentials in the Crowdstrike connector can lead to Crowdstrike credentials being leaked
Insufficiently Protected Credentials in the Crowdstrike connector can lead to Crowdstrike credentials being leaked. A malicious user can access cached credentials from a Crowdstrike connector in another space by creating and running a Crowdstrike connector in a space to which they have access.
Red Hat
kibana: Kibana Insufficiently Protected Credentials in the CrowdStrike Connector
vendor_redhat·2025-10-07·CVSS 5.4
CVE-2025-37728 [MEDIUM] CWE-522 kibana: Kibana Insufficiently Protected Credentials in the CrowdStrike Connector
kibana: Kibana Insufficiently Protected Credentials in the CrowdStrike Connector
Insufficiently Protected Credentials in the Crowdstrike connector can lead to Crowdstrike credentials being leaked. A malicious user can access cached credentials from a Crowdstrike connector in another space by creating and running a Crowdstrike connector in a space to which they have access.
A flaw was found in Kibana where the CrowdStrike connector stores credentials in a way that allows them to be accessed from other spaces. A malicious user could create and run a CrowdStrike connector in a space they control to access cached credentials belonging to another space, leading to unauthorized data access or manipulation.
Statement: The impact is MODERATE because the exploitation requires a Kibana user with
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-10-07
Published