CVE-2025-37728

Summary

Insufficiently Protected Credentials in the Crowdstrike connector can lead to Crowdstrike credentials being leaked. A malicious user can access cached credentials from a Crowdstrike connector in another space by creating and running a Crowdstrike connector in a space to which they have access.

Affected Software

VendorProductVersion RangeStatus
ElasticKibana7.0.0 <= 7.17.29affected
ElasticKibana8.14.0 <= 8.18.7affected
ElasticKibana8.19.0 <= 8.19.4affected
ElasticKibana9.0.0 <= 9.0.7affected
ElasticKibana9.1.0 <= 9.1.4affected

Weaknesses

  • CWE-522: CWE-522 Insufficiently Protected Credentials

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References