CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-25013 – Elastic Defend Insertion of Sensitive Information into Log Files
https://notcve.org/view.php?id=CVE-2025-25013
08 Apr 2025 — Improper restriction of environment variables in Elastic Defend can lead to exposure of sensitive information such as API keys and tokens via automatic transmission of unfiltered environment variables to the stack. • https://discuss.elastic.co/t/elastic-defend-8-17-3-security-update-esa-2025-05/376921 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37284 – Elastic Defend Improper Handling of Alternate Encoding Leads to Crash
https://notcve.org/view.php?id=CVE-2024-37284
21 Jan 2025 — Improper handling of alternate encoding occurs when Elastic Defend on Windows systems attempts to scan a file or process encoded as a multibyte character. This leads to an uncaught exception causing Elastic Defend to crash which in turn will prevent it from quarantining the file and/or killing the process. • https://discuss.elastic.co/t/elastic-defend-8-13-3-security-update-esa-2024-24/373441 • CWE-755: Improper Handling of Exceptional Conditions •