Information disclosure in Floragunn Search Guard FLX

CVE-2025-12147

In Search Guard FLX versions 3.1.1 and earlier, Field-Level Security (FLS) rules are improperly enforced on object-valued fields. When an FLS exclusion rule (e.g., ~field) is applied to a field which contains an object as its value, the…

Vulnerability class: Information Disclosure

EPSS: 0.001 (17.9th percentile)

Affected products

Weakness classification (CWE)

References