May 12, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Multiple IBM Concert Software Vulnerabilities
May 2, 2025CVE-2025-29825 – Microsoft Edge Chromium-based Vulnerability
May 2, 2025Multiple IBM Concert Software Vulnerabilities
May 2, 2025CVE-2025-29825 – Microsoft Edge Chromium-based Vulnerability
May 2, 2025
Severity
Medium
Analysis Summary
CVE-2023-46669 CVSS:6.2
Exposure of sensitive information to local unauthorized actors in Elastic Agent and Elastic Security Endpoint can lead to loss of confidentiality and impersonation of Endpoint to the Elastic Stack. This issue was identified by Elastic engineers and Elastic has no indication that it is known or has been exploited by malicious actors.
CVE-2024-52979 CVSS:6.5
Uncontrolled Resource Consumption in Elasticsearch while evaluating specifically crafted search templates with Mustache functions can lead to Denial of Service by causing the Elasticsearch node to crash.
CVE-2024-11390 CVSS:5.4
Unrestricted upload of a file with dangerous type in Kibana can lead to arbitrary JavaScript execution in a victim’s browser (XSS) via crafted HTML and JavaScript files. The attacker must have access to the Synthetics app AND/OR have access to write to the synthetics indices.
CVE-2025-25016 CVSS:4.3
Unrestricted file upload in Kibana allows an authenticated attacker to compromise software integrity by uploading a crafted malicious file due to insufficient server-side validation.
CVE-2024-11994 CVSS:5.7
APM server logs could contain parts of the document body from a partially failed bulk index request. Depending on the nature of the document, this could disclose sensitive information in APM Server error logs.
CVE-2024-52976 CVSS:4.4
Inclusion of functionality from an untrusted control sphere in Elastic Agent subprocess, osqueryd, allows local attackers to execute arbitrary code via parameter injection. An attacker requires local access and the ability to modify osqueryd configurations.
Impact
- Denial of Service
- Gain Access
- Code Execution
- Cross-Site Scripting
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2023-46669
- CVE-2024-52979
- CVE-2024-11390
- CVE-2025-25016
- CVE-2024-11994
- CVE-2024-52976
Affected Vendors
- Elastic
Affected Products
- Elastic Agent and Elastic Endpoint Security - 8.15.0
- Elasticsearch - 7.17.25
- Elasticsearch - 8.16.0
- Elastic Kibana 7.17.6 to 7.17.23
- Elastic Kibana 8.4.0 to 8.11.4
- Elastic Kibana 7.17.0 to 7.17.18
- Elastic Kibana 8.0.0 to 8.12.3
- Elastic APM Server 8.0.0 to 8.16.1
- Elastic Agent - 7.17.24
- Elastic Agent - 8.15.3
Remediation
Refer to Elastic Security Advisory for patch, upgrade, or suggested workaround information.
