CVE-2025-13653

MEDIUM

Search Guard FLX <4.0.0 - Info Disclosure

Title source: llm

Description

In Search Guard FLX versions from 3.1.0 up to 4.0.0 with enterprise modules being disabled, there exists an issue which allows authenticated users to use specially crafted requests to read documents from data streams without having the respective privileges.

References (2)

Core 2

Core References

Various Sources

https://docs.search-guard.com/latest/changelog-searchguard-flx-4_0_1

Various Sources

https://search-guard.com/cve-advisory/

Scores

CVSS v3 4.3

EPSS 0.0017

EPSS Percentile 6.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-200 CWE-863

Status published

Products (1)

floragunn/Search Guard FLX 3.1.0 - 4.0.0

Published Dec 01, 2025

Tracked Since Feb 18, 2026