
Description

In Search Guard FLX versions from 3.1.0 up to 4.0.0, when the enterprise modules are disabled, an issue allows authenticated users to use specially crafted requests to read documents from data streams without having the respective privileges.

PUBLISHED Reserved 2025-11-25 | Published 2025-12-01 | Updated 2025-12-01 | Assigner floragunn




MEDIUM: 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Problem types

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

CWE-863 Incorrect Authorization

Product status

Default status
unaffected

3.1.0 (semver)
affected

References

search-guard.com/cve-advisory/

docs.search-guard.com/latest/changelog-searchguard-flx-4_0_1

cve.org (CVE-2025-13653)

nvd.nist.gov (CVE-2025-13653)
