VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-nk5e-g4n6-xkhf

Essentials
Severities (16)
References (10)
Severity details (15)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-nk5e-g4n6-xkhf
Aliases	CVE-2025-37731 GHSA-m9gh-789g-q5pv
Summary	Elasticsearch PKI Realm Authentication Bypass Vulnerability Allows User Impersonation Through Crafted Client Certificates Improper Authentication in Elasticsearch PKI realm can lead to user impersonation via specially crafted client certificates. A malicious actor would need to have such a crafted client certificate signed by a legitimate, trusted Certificate Authority.
Status	Published
Exploitability	0.5
Weighted Severity	6.7
Risk	3.4
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-287	Improper Authentication
CWE-295	Improper Certificate Validation
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3	7.4	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-37731.json
epss	0.00038	https://api.first.org/data/v1/epss?cve=CVE-2025-37731
cvssv3.1	6.8	https://discuss.elastic.co/t/elasticsearch-8-19-8-9-1-8-and-9-2-2-security-update-esa-2025-27/384063
generic_textual	MODERATE	https://discuss.elastic.co/t/elasticsearch-8-19-8-9-1-8-and-9-2-2-security-update-esa-2025-27/384063
ssvc	Track	https://discuss.elastic.co/t/elasticsearch-8-19-8-9-1-8-and-9-2-2-security-update-esa-2025-27/384063
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-m9gh-789g-q5pv
cvssv3.1	6.8	https://github.com/elastic/elasticsearch
generic_textual	MODERATE	https://github.com/elastic/elasticsearch
cvssv3.1	6.8	https://github.com/elastic/elasticsearch/commit/cd97b8566bf56e628070021300784cb9cee0286f
generic_textual	MODERATE	https://github.com/elastic/elasticsearch/commit/cd97b8566bf56e628070021300784cb9cee0286f
cvssv3.1	6.8	https://github.com/elastic/elasticsearch/commit/d8a408da79f214395845d99d241e832077045983
generic_textual	MODERATE	https://github.com/elastic/elasticsearch/commit/d8a408da79f214395845d99d241e832077045983
cvssv3.1	6.8	https://github.com/elastic/elasticsearch/commit/e519fe4c51a3c887675eb7daea2f914738847f23
generic_textual	MODERATE	https://github.com/elastic/elasticsearch/commit/e519fe4c51a3c887675eb7daea2f914738847f23
cvssv3.1	6.8	https://nvd.nist.gov/vuln/detail/CVE-2025-37731
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2025-37731

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-37731.json
		https://api.first.org/data/v1/epss?cve=CVE-2025-37731
		https://discuss.elastic.co/t/elasticsearch-8-19-8-9-1-8-and-9-2-2-security-update-esa-2025-27/384063
		https://github.com/elastic/elasticsearch
		https://github.com/elastic/elasticsearch/commit/cd97b8566bf56e628070021300784cb9cee0286f
		https://github.com/elastic/elasticsearch/commit/d8a408da79f214395845d99d241e832077045983
		https://github.com/elastic/elasticsearch/commit/e519fe4c51a3c887675eb7daea2f914738847f23
2422248		https://bugzilla.redhat.com/show_bug.cgi?id=2422248
CVE-2025-37731		https://nvd.nist.gov/vuln/detail/CVE-2025-37731
GHSA-m9gh-789g-q5pv		https://github.com/advisories/GHSA-m9gh-789g-q5pv

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-37731.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://discuss.elastic.co/t/elasticsearch-8-19-8-9-1-8-and-9-2-2-security-update-esa-2025-27/384063

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-16T04:56:03Z/ Found at https://discuss.elastic.co/t/elasticsearch-8-19-8-9-1-8-and-9-2-2-security-update-esa-2025-27/384063

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/elastic/elasticsearch

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/elastic/elasticsearch/commit/cd97b8566bf56e628070021300784cb9cee0286f

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/elastic/elasticsearch/commit/d8a408da79f214395845d99d241e832077045983

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/elastic/elasticsearch/commit/e519fe4c51a3c887675eb7daea2f914738847f23

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2025-37731

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.118
EPSS Score	0.00038
Published At	May 30, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-05-30T21:05:33.145831+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.elasticsearch/elasticsearch/CVE-2025-37731.yml	38.6.0