CVE-2025-37731 — Improper Authentication in Elasticsearch

CWE-287 — Improper Authentication CWE-295 — Improper Certificate Validation8 documents7 sources

Severity

7.4HIGHNVD

CNA6.8

EPSS

0.1%

top 82.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Elastic Elasticsearch

Timeline

PublishedDec 15

Description

Improper Authentication in Elasticsearch PKI realm can lead to user impersonation via specially crafted client certificates. A malicious actor would need to have such a crafted client certificate signed by a legitimate, trusted Certificate Authority.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 2.2 | Impact: 5.2

Affected Packages2 packages

▶NVDelastic/elasticsearch8.0.0 — 8.19.8+3

▶CVEListV5elastic/elasticsearch8.0.0 — 8.19.7+3

🔴Vulnerability Details

OSV

CVE-2025-37731: Improper Authentication in Elasticsearch PKI realm can lead to user impersonation via specially crafted client certificates↗2025-12-15

▶

OSV

Elasticsearch PKI Realm Authentication Bypass Vulnerability Allows User Impersonation Through Crafted Client Certificates↗2025-12-15

▶

CVEList

Elasticsearch Improper Authentication↗2025-12-15

▶

GHSA

Elasticsearch PKI Realm Authentication Bypass Vulnerability Allows User Impersonation Through Crafted Client Certificates↗2025-12-15

▶

📋Vendor Advisories

Red Hat

elasticsearch: Elasticsearch: User impersonation due to improper authentication in Public Key Infrastructure (PKI) realm↗2025-12-15

▶

Microsoft

Elasticsearch Improper Authentication↗2025-12-09

▶

🕵️Threat Intelligence

Wiz

CVE-2025-37731 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶