Primary

Context

Elastic Beats Uncontrolled Search Path Vulnerability Leading to Local Privilege Escalation

Vulnerability

Patched

A vulnerability in Elastic Beats Windows Installer versions prior to 9.1.0 allows for local privilege escalation. This uncontrolled search path element issue arises from improper handling of directory permissions, creating insecure directory permissions. An attacker with local access could exploit this vulnerability to move and delete arbitrary files, potentially gaining SYSTEM privileges.

Impact

Exploitation of this vulnerability could result in unauthorized access to SYSTEM privileges, allowing an attacker to manipulate files and potentially disrupt system operations.

Remediation

Users can upgrade to Elastic Beats version 9.1.0 or later to address this vulnerability.

Added: Jul 30, 2025, 3:50 AM

Updated: Jul 30, 2025, 3:50 AM

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

10.0

exploitability

3.3

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

10.0

exploitability

3.3

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Elastic Beats Uncontrolled Search Path Vulnerability Leading to Local Privilege Escalation

Vulnerability

Impact

Remediation

Affected Products

Elastic Beats

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating