CVE-2025-37735

HIGH

Elastic Defend - Privilege Escalation

Title source: llm

Description

Improper preservation of permissions in Elastic Defend on Windows hosts can lead to arbitrary files on the system being deleted by the Defend service running as SYSTEM. In some cases, this could result in local privilege escalation.

References (1)

[Various Sources] https://discuss.elastic.co/t/elastic-defend-8-19-6-9-1-6-and-9-2-0-security-update-esa-2025-23/383272

Scores

CVSS v3 7.0

EPSS 0.0001

EPSS Percentile 1.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-281

Status published

Products (2)

Elastic/Kibana 8.0.0 - 8.19.5

Elastic/Kibana 9.0.0 - 9.1.5

Published Nov 06, 2025

Tracked Since Feb 18, 2026