Unauthorized access to documents in data streams with specially crafted...

4.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Description

In Search Guard FLX versions from 3.1.0 up to 4.0.0 with enterprise modules being disabled, there exists an issue which allows authenticated users to use specially crafted requests to read documents from data streams without having the respective privileges.

Basic Information

ID CVE-2025-13653

Source floragunn

Published Dec 1, 2025 at 18:02

Modified Dec 1, 2025 at 18:33

Affected Product

Vendor floragunn

Product Search Guard FLX

Version 3.1.0

Affected Versions floragunn Search Guard FLX 3.1.0

CWE Classification

CWE-200 CWE-863

References

{
    "lastseen": "",
    "description": "In Search Guard FLX versions from 3.1.0 up to 4.0.0 with enterprise modules being disabled, there exists an issue which allows authenticated users to use specially crafted requests to read documents from data streams without having the respective privileges.",
    "published": "2025-12-01T18:02:00.573Z",
    "modified": "2025-12-01T18:33:42.466Z",
    "type": "cve",
    "title": "Unauthorized access to documents in data streams with specially crafted requests",
    "source": "floragunn",
    "references": "https://search-guard.com/cve-advisory/\nhttps://docs.search-guard.com/latest/changelog-searchguard-flx-4_0_1",
    "id": "CVE-2025-13653",
    "bulletinFamily": "",
    "cwe": [
        "CWE-200",
        "CWE-863"
    ],
    "cvelist": null,
    "sourceData": "floragunn Search Guard FLX 3.1.0",
    "sourceHref": "",
    "cvss": {
        "score": 4.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Search Guard FLX",
    "version": "3.1.0",
    "vendor": "floragunn",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Unauthorized access to documents in data streams with specially crafted requests_CVE-2025-13653