CVE-2025-37735Improper Preservation of Permissions in Kibana

CWE-281Improper Preservation of Permissions3 documents3 sources
Severity
7.0HIGHNVD
EPSS
0.0%
top 98.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Elastic Kibana
Timeline
PublishedNov 6

Description

Improper preservation of permissions in Elastic Defend on Windows hosts can lead to arbitrary files on the system being deleted by the Defend service running as SYSTEM. In some cases, this could result in local privilege escalation.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages1 packages

CVEListV5elastic/kibana8.0.08.19.5+1

🔴Vulnerability Details

2
GHSA
GHSA-j5h3-g7ch-42qf: Improper preservation of permissions in Elastic Defend on Windows hosts can lead to arbitrary files on the system being deleted by the Defend service2025-11-06
CVEList
CVE-2025-37735: Improper preservation of permissions in Elastic Defend on Windows hosts can lead to arbitrary files on the system being deleted by the Defend service2025-11-06
CVE-2025-37735 — Improper Preservation of Permissions | cvebase