CVE-2025-37729

9.1CRITICAL

Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise (ECE) can lead to a malicious actor with Admin access exfiltrating sensitive information and issuing c

发布于: 10/13/2025更新于: 12/11/2025
在NVD查看在MITRE查看

描述

Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise (ECE) can lead to a malicious actor with Admin access exfiltrating sensitive information and issuing commands via a specially crafted string where Jinjava variables are evaluated.

AI分析AI驱动

受影响产品

elasticelastic_cloud_enterprise
elasticelastic_cloud_enterprise

参考资料