8 matches found
CVE-2025-68390
A flaw was found in Elasticsearch. An authenticated user, with snapshot restore privileges, can cause an excessive memory allocation via a crafted HTTP request, resulting in a denial of service. Mitigation To mitigate this issue, make sure that only necessary and trusted users have authentication...
com.aconex.scrutineer:scrutineer (>=6.8.13-1 <=7.9.3), com.bbossgroups.plugins:bboss-elasticsearch (>=5.0.3.7.4 <=6.2.0) +21 more potentially affected by CVE-2025-68390 via org.elasticsearch.plugin:x-pack-core (>=6.8.11 <=7.9.3)
org.elasticsearch.plugin:x-pack-core MAVEN version =6.8.11, =6.8.13-1, =5.0.3.7.4, =5.0.3.6, =5.1.1, =5.1.1, =0.3.11, =0.3.11, =2.0.0, =3.3.0, =6.2.2.0, =1.0, =1.2.0, =1.6.1 and more Source cves: CVE-2025-68390 Source advisory: OSV:GHSA-GPHJ-4H6P-37XQ...
Linux Distros Unpatched Vulnerability : CVE-2025-68390
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Allocation of Resources Without Limits or Throttling CWE-770 in Elasticsearch can allow an authenticated user with snapshot restore privileges to cause Excessiv...
CVE-2025-68390
creationtimestamp| type| source ---|---|--- 2025-12-18 23:58:35+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3maceylmwic2r...
ai.ylyue:yue-library-data-es (>=j8.2.2.0 <=j11.2.6.2), br.com.simpli:simpli-ws (>=1.2.1 <=2.2.0) +1034 more potentially affected by CVE-2025-68390 via org.elasticsearch:elasticsearch (>=7.0.0-alpha1 <=8.19.7)
org.elasticsearch:elasticsearch MAVEN version =7.0.0-alpha1, =j8.2.2.0, =1.2.1, =0.0.1-alpha, =5.3.0, =5.6.5, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =6.2.0, =6.8.0, =6.4.0, =5.3.0, =5.3.0, =5.3.0, =5.4.0 and more Source cves: CVE-2025-68390 Source advisory: SNYK:JAVA-ORGELASTICSEARCH-14534841...
org.elasticsearch.test:framework (>=9.2.0 <=9.2.1), org.elasticsearch.test:yaml-rest-runner (>=9.2.0 <=9.2.1) +1 more potentially affected by CVE-2025-68390 via org.elasticsearch:elasticsearch (>=9.2.0 <=9.2.1)
org.elasticsearch:elasticsearch MAVEN version =9.2.0, =9.2.0, =9.2.0, =9.2.1 - pl.allegro.tech.elasticsearch.plugin:elasticsearch-analysis-morfologik =9.2.1 Source cves: CVE-2025-68390 Source advisory: SNYK:JAVA-ORGELASTICSEARCH-14534841...
net.sc8s:elastic-testkit_2.13 (>=0.102.0 <=0.110.0), org.elasticsearch.test:framework (>=9.0.0 <=9.1.10) +3 more potentially affected by CVE-2025-68390 via org.elasticsearch:elasticsearch (>=9.0.0-beta1 <=9.1.7)
org.elasticsearch:elasticsearch MAVEN version =9.0.0-beta1, =0.102.0, =9.0.0, =9.0.0, =1.7.es904.0, =9.0.0, =9.1.5 Source cves: CVE-2025-68390 Source advisory: SNYK:JAVA-ORGELASTICSEARCH-14534841...
CVE-2025-68390 Elasticsearch Allocation of Resources Without Limits or Throttling
Allocation of Resources Without Limits or Throttling CWE-770 in Elasticsearch can allow an authenticated user with snapshot restore privileges to cause Excessive Allocation CAPEC-130 of memory and a denial of service DoS via crafted HTTP request...