GET

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

GET /api/vulnerabilities/89360?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89360?format=api",
    "vulnerability_id": "VCID-crxa-z2f7-5kce",
    "summary": "Improper restriction of environment variables in Elastic Defend can lead to exposure of sensitive information such as API keys and tokens via automatic transmission of unfiltered environment variables to the stack.",
    "aliases": [
        {
            "alias": "CVE-2025-25013"
        }
    ],
    "fixed_packages": [],
    "affected_packages": [],
    "references": [
        {
            "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-25013",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "0.0044",
                    "scoring_system": "epss",
                    "scoring_elements": "0.63625",
                    "published_at": "2026-06-11T12:55:00Z"
                },
                {
                    "value": "0.0044",
                    "scoring_system": "epss",
                    "scoring_elements": "0.63727",
                    "published_at": "2026-06-12T12:55:00Z"
                },
                {
                    "value": "0.0044",
                    "scoring_system": "epss",
                    "scoring_elements": "0.6374",
                    "published_at": "2026-06-13T12:55:00Z"
                }
            ],
            "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-25013"
        },
        {
            "reference_url": "https://discuss.elastic.co/t/elastic-defend-8-17-3-security-update-esa-2025-05/376921",
            "reference_id": "376921",
            "reference_type": "",
            "scores": [
                {
                    "value": "6.5",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
                },
                {
                    "value": "Track",
                    "scoring_system": "ssvc",
                    "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T19:28:00Z/"
                }
            ],
            "url": "https://discuss.elastic.co/t/elastic-defend-8-17-3-security-update-esa-2025-05/376921"
        }
    ],
    "weaknesses": [
        {
            "cwe_id": 532,
            "name": "Insertion of Sensitive Information into Log File",
            "description": "Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information."
        }
    ],
    "exploits": [],
    "severity_range_score": "6.5 - 6.5",
    "exploitability": null,
    "weighted_severity": null,
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-crxa-z2f7-5kce"
}