CVE-2025-37729
BaseFortify
Publication date: 2025-10-13
Last updated on: 2025-12-11
Assigner: Elastic
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| elastic | elastic_cloud_enterprise | From 2.5.0 (inc) to 3.8.2 (exc) |
| elastic | elastic_cloud_enterprise | From 4.0.0 (inc) to 4.0.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1336 | The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-37729 is a critical vulnerability in Elastic Cloud Enterprise (ECE) versions 2.5.0 through 3.8.1 and 4.0.0 through 4.0.1 caused by improper neutralization of special elements in the Jinjava template engine. This flaw allows a malicious actor with administrative access to the ECE admin console and a deployment with the Logging+Metrics feature enabled to execute arbitrary code by submitting specially crafted payloads in deployment plans. These payloads can be injected and executed, and the results can be exfiltrated via ingested logs. [1]
How can this vulnerability impact me? :
This vulnerability can have a severe impact as it allows an attacker with admin privileges to execute arbitrary code remotely, leading to full compromise of the affected system. The attacker can exfiltrate sensitive information and issue unauthorized commands, affecting confidentiality, integrity, and availability of the system. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring request logs for malicious payloads that include specific indicators such as 'payload.name : int3rpr3t3r' or 'payload.name : forPath'. You can use search queries on your logging system to find these patterns. For example, if using Elasticsearch or Kibana, you might run a query like: (payload.name : int3rpr3t3r OR payload.name : forPath) to identify suspicious activity related to this vulnerability. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade Elastic Cloud Enterprise (ECE) to versions 3.8.2 or 4.0.2, which contain fixes for this vulnerability. There are no workarounds available for users who cannot upgrade, so applying the update is critical to prevent exploitation. [1]