Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-12148

Summary
Assigner-floragunn
Assigner Org ID-9f311a02-c44f-4938-8530-9219246b8255
Published At-29 Oct, 2025 | 15:31
Updated At-29 Oct, 2025 | 16:11
Rejected At-
Credits

Unauthorized access to fields protected by Field Masking (FM) for fields of type IP

In Search Guard versions 3.1.1 and earlier, Field Masking (FM) rules are improperly enforced on fields of type IP (IP Address). While the content of these fields is properly redacted in the _source document returned by search operations, the results do return documents (hits) when searching based on a specific IP values. This allows to reconstruct the original contents of the field. Workaround - If you cannot upgrade immediately, you can avoid the problem by using field level security (FLS) protection on fields of the affected types instead of field masking.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:floragunn
Assigner Org ID:9f311a02-c44f-4938-8530-9219246b8255
Published At:29 Oct, 2025 | 15:31
Updated At:29 Oct, 2025 | 16:11
Rejected At:
▼CVE Numbering Authority (CNA)
Unauthorized access to fields protected by Field Masking (FM) for fields of type IP

In Search Guard versions 3.1.1 and earlier, Field Masking (FM) rules are improperly enforced on fields of type IP (IP Address). While the content of these fields is properly redacted in the _source document returned by search operations, the results do return documents (hits) when searching based on a specific IP values. This allows to reconstruct the original contents of the field. Workaround - If you cannot upgrade immediately, you can avoid the problem by using field level security (FLS) protection on fields of the affected types instead of field masking.

Affected Products
Vendor
floragunn
Product
Search Guard FLX
Default Status
unaffected
Versions
Affected
  • From 1.0.0 through 3.1.1 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-200CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWECWE-732CWE-732 Incorrect Permission Assignment for Critical Resource
Type: CWE
CWE ID: CWE-200
Description: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Type: CWE
CWE ID: CWE-732
Description: CWE-732 Incorrect Permission Assignment for Critical Resource
Metrics
VersionBase scoreBase severityVector
4.06.0MEDIUM
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Version: 4.0
Base score: 6.0
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://search-guard.com/cve-advisory/
N/A
https://docs.search-guard.com/latest/changelog-searchguard-flx-3_1_2
N/A
Hyperlink: https://search-guard.com/cve-advisory/
Resource: N/A
Hyperlink: https://docs.search-guard.com/latest/changelog-searchguard-flx-3_1_2
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@search-guard.com
Published At:29 Oct, 2025 | 16:15
Updated At:30 Oct, 2025 | 15:03

In Search Guard versions 3.1.1 and earlier, Field Masking (FM) rules are improperly enforced on fields of type IP (IP Address). While the content of these fields is properly redacted in the _source document returned by search operations, the results do return documents (hits) when searching based on a specific IP values. This allows to reconstruct the original contents of the field. Workaround - If you cannot upgrade immediately, you can avoid the problem by using field level security (FLS) protection on fields of the affected types instead of field masking.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.06.0MEDIUM
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 4.0
Base score: 6.0
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-200Secondarysecurity@search-guard.com
CWE-732Secondarysecurity@search-guard.com
CWE ID: CWE-200
Type: Secondary
Source: security@search-guard.com
CWE ID: CWE-732
Type: Secondary
Source: security@search-guard.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://docs.search-guard.com/latest/changelog-searchguard-flx-3_1_2security@search-guard.com
N/A
https://search-guard.com/cve-advisory/security@search-guard.com
N/A
Hyperlink: https://docs.search-guard.com/latest/changelog-searchguard-flx-3_1_2
Source: security@search-guard.com
Resource: N/A
Hyperlink: https://search-guard.com/cve-advisory/
Source: security@search-guard.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

6Records found
CVE-2025-12149
Matching Score-10
Assigner-floragunn GmbH
ShareView Details
Matching Score-10
Assigner-floragunn GmbH
CVSS Score-6||MEDIUM
EPSS-0.05% / 16.90%
||
7 Day CHG~0.00%
Published-14 Nov, 2025 | 13:58
Updated-14 Nov, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthorized access to documents protected by Document-Level Security (DLS), when Signals watches include a search query involving protected documents

In Search Guard FLX versions 3.1.2 and earlier, while Document-Level Security (DLS) is correctly enforced elsewhere, when the search is triggered from a Signals watch, the DLS rule is not enforced, allowing access to all documents in the queried indices.

Action-Not Available
Vendor-floragunn
Product-Search Guard FLX
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-12147
Matching Score-10
Assigner-floragunn GmbH
ShareView Details
Matching Score-10
Assigner-floragunn GmbH
CVSS Score-6||MEDIUM
EPSS-0.07% / 22.39%
||
7 Day CHG+0.02%
Published-29 Oct, 2025 | 15:29
Updated-30 Oct, 2025 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthorized access to fields protected by Field-Level Security (FLS) when those fields are members of an object

In Search Guard FLX versions 3.1.1 and earlier, Field-Level Security (FLS) rules are improperly enforced on object-valued fields. When an FLS exclusion rule (e.g., ~field) is applied to a field which contains an object as its value, the object is correctly removed from the _source returned by search operations. However, the object members (i.e., child attributes) remain accessible to search queries. This exposure allows adversaries to infer or reconstruct the original contents of the excluded object. Workaround - If you cannot upgrade immediately and FLS exclusion rules are used for object valued attributes (like ~object), add an additional exclusion rule for the members of the object (like ~object.*).

Action-Not Available
Vendor-floragunn
Product-Search Guard FLX
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2019-13417
Matching Score-6
Assigner-floragunn GmbH
ShareView Details
Matching Score-6
Assigner-floragunn GmbH
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 42.35%
||
7 Day CHG~0.00%
Published-12 Aug, 2019 | 20:51
Updated-04 Aug, 2024 | 23:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names (but not values) for fields which are not allowed for the user when field level security (FLS) is activated.

Action-Not Available
Vendor-search-guardfloragunn
Product-search_guardSearch Guard
CWE ID-CWE-863
Incorrect Authorization
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-13653
Matching Score-6
Assigner-floragunn GmbH
ShareView Details
Matching Score-6
Assigner-floragunn GmbH
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 10.13%
||
7 Day CHG~0.00%
Published-01 Dec, 2025 | 18:02
Updated-02 Dec, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthorized access to documents in data streams with specially crafted requests

In Search Guard FLX versions from 3.1.0 up to 4.0.0 with enterprise modules being disabled, there exists an issue which allows authenticated users to use specially crafted requests to read documents from data streams without having the respective privileges.

Action-Not Available
Vendor-floragunn
Product-Search Guard FLX
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-863
Incorrect Authorization
CVE-2019-13421
Matching Score-6
Assigner-floragunn GmbH
ShareView Details
Matching Score-6
Assigner-floragunn GmbH
CVSS Score-4.9||MEDIUM
EPSS-0.39% / 59.59%
||
7 Day CHG~0.00%
Published-23 Aug, 2019 | 13:26
Updated-04 Aug, 2024 | 23:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database.

Action-Not Available
Vendor-search-guardfloragunn
Product-search_guardSearch Guard
CWE ID-CWE-522
Insufficiently Protected Credentials
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-13419
Matching Score-6
Assigner-floragunn GmbH
ShareView Details
Matching Score-6
Assigner-floragunn GmbH
CVSS Score-7.5||HIGH
EPSS-0.13% / 32.71%
||
7 Day CHG~0.00%
Published-13 Aug, 2019 | 14:28
Updated-04 Aug, 2024 | 23:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Search Guard versions before 23.1 had an issue that for aggregations clear text values of anonymised fields were leaked.

Action-Not Available
Vendor-search-guardfloragunn
Product-search_guardSearch Guard
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Details not found