CVE-2025-25013
Severity CVSS v4.0:
Pending analysis
Type:
CWE-532
Information Exposure Through Log Files
Publication date:
08/04/2025
Last modified:
09/04/2025
Description
Improper restriction of environment variables in Elastic Defend can lead to exposure of sensitive information such as API keys and tokens via automatic transmission of unfiltered environment variables to the stack.
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM