Elastic Filebeat vulnerabilities

2 known vulnerabilities affecting elastic/filebeat.

Total CVEs

2

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

MEDIUM1LOW1

Vulnerabilities

Page 1 of 1

CVE-2025-68383MEDIUMCVSS 6.5≥ 7.0.0, ≤ 7.17.29≥ 8.0.0, < 8.19.9+5 more2025-12-18

CVE-2025-68383 [MEDIUM] CWE-1284 CVE-2025-68383: Improper Validation of Specified Index, Position, or Offset in Input (CWE-1285) in Filebeat Syslog p Improper Validation of Specified Index, Position, or Offset in Input (CWE-1285) in Filebeat Syslog parser and the Libbeat Dissect processor can allow a user to trigger a Buffer Overflow (CAPEC-100) and cause a denial of service (panic/crash) of the Filebeat process via either a malformed Syslog message or a malicious tokenizer pattern in the Dissec

CVE-2023-31413LOWCVSS 3.3≤ 7.17.9v8.6.2+1 more2023-05-04

CVE-2023-31413 [LOW] CWE-200 CVE-2023-31413: Filebeat versions through 7.17.9 and 8.6.2 have a flaw in httpjson input that allows the http reques Filebeat versions through 7.17.9 and 8.6.2 have a flaw in httpjson input that allows the http request Authorization or Proxy-Authorization header contents to be leaked in the logs when debug logging is enabled.