Vulnerability Details CVE-2025-37729
Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise (ECE) can lead to a malicious actor with Admin access exfiltrating sensitive information and issuing commands via a specially crafted string where Jinjava variables are evaluated.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 20.3%
CVSS Severity
CVSS v3 Score 9.1
Products affected by CVE-2025-37729
-
cpe:2.3:a:elastic:elastic_cloud_enterprise:2.10.0
-
cpe:2.3:a:elastic:elastic_cloud_enterprise:2.10.1
-
cpe:2.3:a:elastic:elastic_cloud_enterprise:2.11.0
-
cpe:2.3:a:elastic:elastic_cloud_enterprise:2.11.1
-
cpe:2.3:a:elastic:elastic_cloud_enterprise:2.11.2
-
cpe:2.3:a:elastic:elastic_cloud_enterprise:2.12.0
-
cpe:2.3:a:elastic:elastic_cloud_enterprise:2.12.1
-
cpe:2.3:a:elastic:elastic_cloud_enterprise:2.12.2
-
cpe:2.3:a:elastic:elastic_cloud_enterprise:2.12.3
-
cpe:2.3:a:elastic:elastic_cloud_enterprise:2.12.4
-
cpe:2.3:a:elastic:elastic_cloud_enterprise:2.13.0
-
cpe:2.3:a:elastic:elastic_cloud_enterprise:2.13.1
-
cpe:2.3:a:elastic:elastic_cloud_enterprise:2.13.2
-
cpe:2.3:a:elastic:elastic_cloud_enterprise:2.13.3
-
cpe:2.3:a:elastic:elastic_cloud_enterprise:2.13.4
-
cpe:2.3:a:elastic:elastic_cloud_enterprise:2.5.0
-
cpe:2.3:a:elastic:elastic_cloud_enterprise:2.5.1
-
cpe:2.3:a:elastic:elastic_cloud_enterprise:2.6.0
-
cpe:2.3:a:elastic:elastic_cloud_enterprise:2.6.1
-
cpe:2.3:a:elastic:elastic_cloud_enterprise:2.6.2
-
cpe:2.3:a:elastic:elastic_cloud_enterprise:2.7.0
-
cpe:2.3:a:elastic:elastic_cloud_enterprise:2.7.1
-
cpe:2.3:a:elastic:elastic_cloud_enterprise:2.7.2
-
cpe:2.3:a:elastic:elastic_cloud_enterprise:2.8.0
-
cpe:2.3:a:elastic:elastic_cloud_enterprise:2.8.1
-
cpe:2.3:a:elastic:elastic_cloud_enterprise:2.9.0
-
cpe:2.3:a:elastic:elastic_cloud_enterprise:2.9.1
-
cpe:2.3:a:elastic:elastic_cloud_enterprise:2.9.2
-
cpe:2.3:a:elastic:elastic_cloud_enterprise:3.0.0
-
cpe:2.3:a:elastic:elastic_cloud_enterprise:3.1.0
-
cpe:2.3:a:elastic:elastic_cloud_enterprise:3.1.1
-
cpe:2.3:a:elastic:elastic_cloud_enterprise:3.2.0
-
cpe:2.3:a:elastic:elastic_cloud_enterprise:3.2.1
-
cpe:2.3:a:elastic:elastic_cloud_enterprise:3.3.0
-
cpe:2.3:a:elastic:elastic_cloud_enterprise:3.4.0
-
cpe:2.3:a:elastic:elastic_cloud_enterprise:3.4.1
-
cpe:2.3:a:elastic:elastic_cloud_enterprise:3.5.0
-
cpe:2.3:a:elastic:elastic_cloud_enterprise:3.5.1
-
cpe:2.3:a:elastic:elastic_cloud_enterprise:3.6.0
-
cpe:2.3:a:elastic:elastic_cloud_enterprise:3.6.1
-
cpe:2.3:a:elastic:elastic_cloud_enterprise:3.6.2
-
cpe:2.3:a:elastic:elastic_cloud_enterprise:3.7.0
-
cpe:2.3:a:elastic:elastic_cloud_enterprise:3.7.1
-
cpe:2.3:a:elastic:elastic_cloud_enterprise:3.7.2
-
cpe:2.3:a:elastic:elastic_cloud_enterprise:3.7.3
-
cpe:2.3:a:elastic:elastic_cloud_enterprise:3.8.0
-
cpe:2.3:a:elastic:elastic_cloud_enterprise:3.8.1
-
cpe:2.3:a:elastic:elastic_cloud_enterprise:4.0.0
-
cpe:2.3:a:elastic:elastic_cloud_enterprise:4.0.1