CVE-2025-37736
BaseFortify
Publication date: 2025-11-07
Last updated on: 2025-12-11
Assigner: Elastic
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| elastic | elastic_cloud_enterprise | From 3.8.0 (inc) to 3.8.3 (exc) |
| elastic | elastic_cloud_enterprise | From 4.0.0 (inc) to 4.0.3 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Elastic Cloud Enterprise involves improper authorization that allows a built-in readonly user to perform actions via APIs that should normally be restricted. This can lead to privilege escalation, meaning the readonly user can gain higher privileges and perform unauthorized operations on the system.
How can this vulnerability impact me? :
The vulnerability can lead to significant security risks including unauthorized access and modification of sensitive configurations and user data. Since the readonly user can escalate privileges, it may result in full compromise of the system's confidentiality, integrity, and availability.