Elastic CVE-2025-66525
MEDIUMCVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
DescriptionNVD
Missing Authorization vulnerability in Elastic Email Elastic Email Sender elastic-email-sender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elastic Email Sender: from n/a through <= 1.2.20.
Analysis
Missing Authorization vulnerability in Elastic Email Elastic Email Sender elastic-email-sender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elastic Email Sender: from n/a through <= 1.2.20.
Technical ContextAI
This vulnerability is classified as Missing Authorization (CWE-862).
Affected ProductsAI
Affected: Elastic Email Elastic Email Sender elastic-email-sender
RemediationAI
Monitor vendor advisories for patches. Apply mitigations such as network segmentation, access restrictions, and monitoring.
More from same product – last 7 days
Server-side request forgery in Elastic Kibana allows authenticated users holding connector management privileges to bypa
Denial of service in Kibana allows any authenticated low-privileged user to render the Kibana service unresponsive for a
Denial of service in Elastic Kibana allows an authenticated low-privileged user to crash the Kibana service and deny acc
Denial of service in Kibana allows any authenticated user to crash or render unresponsive a Kibana instance by sending a
Denial of service in Kibana's analytics collections management endpoint allows any authenticated user with viewer-level
Share
External POC / Exploit Code
Leaving vuln.today