Headline
GHSA-56r7-h6mw-rcfv: Elasticsearch: Insertion of Sensitive Information into Log File via reindex API
Insertion of sensitive information into a log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API (https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex).
- CVE-2025-37727
Moderate severity • GitHub Reviewed • Published Oct 10, 2025 to the GitHub Advisory Database • Updated Oct 11, 2025
Package
org.elasticsearch:elasticsearch (Maven)
Affected versions
>= 7.0.0, < 8.18.8
>= 8.19.0, < 8.19.5
>= 9.0.0-beta1, < 9.0.8
>= 9.1.0, < 9.1.5
Patched versions
8.18.8
8.19.5
9.0.8
9.1.5