maven

Elasticsearch PKI Realm Authentication Bypass Vulnerability Allows User Impersonation Through Crafted Client Certificates

Moderate severity GitHub Reviewed Published Dec 15, 2025 to the GitHub Advisory Database • Updated Dec 16, 2025

Package

org.elasticsearch:elasticsearch (Maven)

Affected versions

>= 7.0.0-alpha1, < 8.19.8

>= 9.0.0-beta1, < 9.1.8

>= 9.2.0, < 9.2.2

Patched versions

8.19.8

9.1.8

9.2.2

Description

Improper Authentication in Elasticsearch PKI realm can lead to user impersonation via specially crafted client certificates. A malicious actor would need to have such a crafted client certificate signed by a legitimate, trusted Certificate Authority.

References

Published by the National Vulnerability Database

Dec 15, 2025

Published to the GitHub Advisory Database Dec 15, 2025

Reviewed Dec 16, 2025

Last updated Dec 16, 2025

Severity

Moderate

/ 10

CVSS v3 base metrics

Attack vector

Network

Attack complexity

High

Privileges required

Low

User interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Elasticsearch PKI Realm Authentication Bypass Vulnerability Allows User Impersonation Through Crafted Client Certificates

Package

Affected versions

Patched versions

Description

References

Severity

CVSS overall score

CVSS v3 base metrics

CVSS v3 base metrics

EPSS score

Exploit Prediction Scoring System (EPSS)

Weaknesses

Improper Authentication

Improper Certificate Validation

CVE ID

GHSA ID

Source code

Uh oh!