Primary

Context

Elasticsearch Improper Authentication Vulnerability in PKI Realm Allowing User Impersonation

Vulnerability

Patched

A vulnerability exists in the PKI authentication realm of Elasticsearch, allowing for user impersonation through the use of specially crafted client certificates. This issue affects all versions of Elasticsearch 7.x, as well as versions 8.0.0 prior to 8.19.7 and versions 9.0.0 prior to 9.1.7 and 9.2.0 prior to 9.2.1. To exploit this vulnerability, a malicious actor must have a client certificate that is signed by a trusted Certificate Authority.

Impact

Exploitation of this vulnerability could lead to unauthorized user impersonation.

Remediation

Users can upgrade to Elasticsearch versions 8.19.8, 9.1.8, or 9.2.2 to address this vulnerability. For those unable to upgrade, no workarounds are available.

Added: Dec 15, 2025, 11:19 AM

Updated: Dec 15, 2025, 7:04 PM

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

1.3

exploitability

7.0

remediation

7.7

relevance

1.4

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

1.3

exploitability

7.0

remediation

7.7

relevance

1.4

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Elasticsearch Improper Authentication Vulnerability in PKI Realm Allowing User Impersonation

Vulnerability

Impact

Remediation

Affected Products

Elastic Elasticsearch

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating