Elastic Elastic Cloud Enterprise (Ece)
3 CVEs affecting Elastic Elastic Cloud Enterprise (Ece). Latest disclosed: 2025-11-07. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-37729 | Critical | 9.1 | 2025-10-13 | Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise (ECE) can lead to a malicious actor with Admin access exfiltr… |
CVE-2025-37736 | High | 8.8 | 2025-11-07 | Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonly user can call APIs that should not be allowed… |
CVE-2018-3825 | Medium | 5.9 | 2018-09-19 | In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch… |