CVE-2025-37735
7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Improper preservation of permissions in Elastic Defend on Windows hosts can lead to arbitrary files on the system being deleted by the Defend service running as SYSTEM. In some cases, this could result in local privilege escalation.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Elastic | Kibana | 8.0.0 <= 8.19.5 | affected |
| Elastic | Kibana | 9.0.0 <= 9.1.5 | affected |
Weaknesses
- CWE-281: CWE-281 Improper Preservation of Permissions
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.