Elastic Apm Server
5 CVEs affecting Elastic Apm Server. Latest disclosed: 2025-07-30. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-0712 | High | 7.0 | 2025-07-30 | An uncontrolled search path element vulnerability can lead to local privilege Escalation (LPE) via Insecure Directory Permissions. The vulnerability arises fro… |
CVE-2023-31421 | Medium | 5.9 | 2023-10-26 | It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid fo… |
CVE-2024-11994 | Medium | 5.7 | 2025-05-01 | APM server logs could contain parts of the document body from a partially failed bulk index request. Depending on the nature of the document, this could disclo… |
CVE-2024-37286 | Medium | 5.7 | 2024-08-03 | APM server logs contain document body from a partially failed bulk index request. For example, in case of unavailable_shards_exception for a specific document… |
CVE-2024-23448 | Medium | 5.7 | 2024-02-07 | An issue was discovered whereby APM Server could log at ERROR level, a response from Elasticsearch indicating that indexing the document failed and that respon… |