CVE-2025-37731
Published 2025-12-15
CVE-2025-37731: Improper Authentication in Elasticsearch PKI realm can lead to user impersonation via specially crafted client certificates.
Priority P3 · 44 · high · 7.4 (CVSS 3.1)
AV:N AC:H PR:N UI:N S:U C:H I:H A:N
EPSS: 0.16% (5.5th percentile)
Improper Authentication in Elasticsearch PKI realm can lead to user impersonation via specially crafted client certificates. A malicious actor would need to have such a crafted client certificate signed by a legitimate, trusted Certificate Authority.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| elastic | elasticsearch | 7.0.0 – 7.17.29 | — |
| elastic | elasticsearch | >= 8.0.0 < 8.19.8 | 8.19.8 |
| elastic | elasticsearch | 8.0.0 – 8.19.7 | — |
| elastic | elasticsearch | >= 9.0.0 < 9.1.8 | 9.1.8 |
| elastic | elasticsearch | 9.0.0 – 9.1.7 | — |
| elastic | elasticsearch | >= 9.2.0 < 9.2.2 | 9.2.2 |
| elastic | elasticsearch | 9.2.0 – 9.2.1 | — |
| msrc | azl3_rubygem-elasticsearch_8.9.0-1_on_azure_linux_3.0 | — | — |
| msrc | cbl2_rubygem-elasticsearch_8.3.0-1_on_cbl_mariner_2.0 | — | — |
CVSS provenance
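| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.4 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
| osv | — | 7.4 | HIGH | — |
| vendor_msrc | — | 6.8 | MEDIUM | — |
| vendor_redhat | — | 6.8 | MEDIUM | — |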
OSV
CVE-2025-37731: Improper Authentication in Elasticsearch PKI realm can lead to user impersonation via specially crafted client certificates
osv·2025-12-15·CVSS 7.4
CVE-2025-37731 [HIGH] CVE-2025-37731: Improper Authentication in Elasticsearch PKI realm can lead to user impersonation via specially crafted client certificates
OSV
Elasticsearch PKI Realm Authentication Bypass Vulnerability Allows User Impersonation Through Crafted Client Certificates
osv·2025-12-15
CVE-2025-37731 [MEDIUM] Elasticsearch PKI Realm Authentication Bypass Vulnerability Allows User Impersonation Through Crafted Client Certificates
GHSA
Elasticsearch PKI Realm Authentication Bypass Vulnerability Allows User Impersonation Through Crafted Client Certificates
ghsa·2025-12-15
CVE-2025-37731 [MEDIUM] CWE-287 Elasticsearch PKI Realm Authentication Bypass Vulnerability Allows User Impersonation Through Crafted Client Certificates
Red Hat
elasticsearch: Elasticsearch: User impersonation due to improper authentication in Public Key Infrastructure (PKI) realm
vendor_redhat·2025-12-15·CVSS 6.8
CVE-2025-37731 [MEDIUM] CWE-287 elasticsearch: Elasticsearch: User impersonation due to improper authentication in Public Key Infrastructure (PKI) realm
A flaw was found in Elasticsearch. This vulnerability allows user impersonation via specially crafted client certificates signed by a legitimate, trusted Certificate Authority (CA).
Statement: This vulnerability is rated Moderate for Red Hat because it allows user impersonation in Elasticsearch PKI realm. Exploitation requires a malicious actor to possess a specially crafted client certificate signed by a legitimate, trus
Microsoft
Elasticsearch Improper Authentication
vendor_msrc·2025-12-09·CVSS 6.8
CVE-2025-37731 [MEDIUM] CWE-287 Elasticsearch Improper Authentication
Mariner: Mariner
elastic: elastic
Customer Action Required: Yes
No detection rules found.
No public exploits indexed.
Published: 2025-12-15