Warning: Elastic Cloud Enterprise Privilege Escalation Issue, Patch Immediately!

Published: 04/11/2025
  • Last update: 04/11/2025
  • Affected software:
    → Elastic Cloud Enterprise (ECE) 3.8.3 and 4.0.3
  • Type: Privilege Escalation
  • CVE/CVSS
    → CVE-2025-37736: CVSS 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Sources

https://discuss.elastic.co/t/elastic-cloud-enterprise-ece-3-8-3-and-4-0-3-security-update-esa-2025-22/383132/1

Risks

There is an improper authorization vulnerability in Elastic Cloud Enterprise where the built-in read-only user can call APIs that should not be accessible to it, potentially leading to unauthorized actions. An attacker with low-privilege access could exploit this vulnerability to escalate privileges, potentially compromising confidentiality, integrity and availability.

There is no evidence of exploitation at the time of writing.

Description

CVE-2025-37736 could be used by a malicious actor with read-only permissions to access API endpoints that they should not be able to reach. This allows them to create/delete users, manage authentication keys and create/delete service accounts.

Please refer to the Elastic article for a complete list of API endpoints accessible with this vulnerability.
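The following is an added illustration of the vulnerability class (improper authorization) described above; it is not Elastic's code and the endpoint paths, role names and `Request` type are assumptions made for the example. It contrasts a deny-list check, where any endpoint that was not explicitly listed falls through to "allow" and so remains reachable by a read-only caller, with a default-deny check that requires a known (method, endpoint) pair and a sufficient role before granting access.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    """Hypothetical request model for the illustration (not ECE's real API)."""
    principal: str
    role: str      # "readonly" or "admin" in this example
    method: str
    path: str


def authorize_denylist(req: Request) -> bool:
    """Vulnerable pattern: only endpoints someone remembered to list are restricted.

    The service-account endpoint is missing from RESTRICTED, so a read-only
    caller can delete service accounts. Anything unknown falls through to allow.
    """
    RESTRICTED = {"/api/v1/users", "/api/v1/users/auth/keys"}   # assumed paths
    if req.path in RESTRICTED and req.method != "GET":
        return req.role == "admin"
    return True


# Hardened pattern: every (method, endpoint) pair must be listed with the minimum
# role it needs; anything not listed is denied. Paths are placeholders, not ECE's.
REQUIRED_ROLE = {
    ("GET", "/api/v1/users"): "readonly",
    ("POST", "/api/v1/users"): "admin",
    ("DELETE", "/api/v1/users"): "admin",
    ("POST", "/api/v1/users/auth/keys"): "admin",
    ("DELETE", "/api/v1/users/auth/keys"): "admin",
    ("GET", "/api/v1/service-accounts"): "readonly",
    ("POST", "/api/v1/service-accounts"): "admin",
    ("DELETE", "/api/v1/service-accounts"): "admin",
}
ROLE_RANK = {"readonly": 0, "admin": 1}


def authorize_default_deny(req: Request) -> bool:
    """Allow only when the (method, path) pair is known and the caller's role is
    at least the required one. Unknown pairs and unknown roles are denied."""
    required = REQUIRED_ROLE.get((req.method, req.path))
    if required is None:
        return False
    return ROLE_RANK.get(req.role, -1) >= ROLE_RANK[required]


if __name__ == "__main__":
    probe = Request("readonly", "readonly", "DELETE", "/api/v1/service-accounts")
    print("deny-list check allows read-only delete:", authorize_denylist(probe))
    print("default-deny check allows read-only delete:", authorize_default_deny(probe))
```

The point of the contrast is that a deny-list only protects the endpoints its author thought of; a default-deny table has to be extended for every new endpoint, which is exactly what forces the authorization decision to be made explicitly.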

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.

Monitor/Detect
The CCB recommends organizations scale up monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion. Elastic has released a tool to detect whether accounts were created or modified by a read-only user.
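As an added example of the kind of check the detection advice above calls for (this is not Elastic's cleanup tool, and the audit record shape, field names, role name and API paths are constructed assumptions, not ECE's real log format), the script below sweeps JSON-lines audit records for mutating calls to user, key or service-account endpoints made by a read-only principal, separates attempts that succeeded from those that were rejected, and lists the objects that a successful call touched so they can be reviewed.

```python
import json

# Constructed sample audit records for this example only. Field names and
# paths are assumptions for illustration, not the real ECE audit format or API.
SAMPLE_AUDIT_LOG = """\
{"ts": "2025-11-03T09:12:01Z", "principal": "readonly", "role": "readonly", "method": "GET", "path": "/api/v1/users", "status": 200}
{"ts": "2025-11-03T09:13:44Z", "principal": "readonly", "role": "readonly", "method": "POST", "path": "/api/v1/users", "status": 200, "target": "svc-temp-01"}
{"ts": "2025-11-03T09:14:10Z", "principal": "readonly", "role": "readonly", "method": "POST", "path": "/api/v1/users/auth/keys", "status": 200, "target": "key-7f3a"}
{"ts": "2025-11-03T09:15:02Z", "principal": "admin", "role": "admin", "method": "POST", "path": "/api/v1/users", "status": 200, "target": "ops-bob"}
{"ts": "2025-11-03T09:16:30Z", "principal": "readonly", "role": "readonly", "method": "DELETE", "path": "/api/v1/service-accounts/ci-runner", "status": 403, "target": "ci-runner"}
{"ts": "2025-11-03T09:17:00Z", "principal": "readonly", "role": "readonly", "method": "PUT", "path": "/api/v1/users/svc-temp-01", "status": 200, "target": "svc-temp-01"}
"""

READ_ONLY_ROLES = {"readonly"}                  # assumed name of the read-only role
MUTATING_METHODS = {"POST", "PUT", "PATCH", "DELETE"}
# Path fragments that mark identity-management endpoints in this constructed scheme
IDENTITY_PATH_HINTS = ("/users", "/auth/keys", "/service-accounts")


def parse_audit_log(text: str) -> list:
    """Parse JSON-lines audit records, skipping blank or malformed lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # one bad line should not abort the whole sweep
    return events


def is_identity_mutation(event: dict) -> bool:
    """True when the request would change users, API keys or service accounts."""
    return (event.get("method") in MUTATING_METHODS
            and any(h in event.get("path", "") for h in IDENTITY_PATH_HINTS))


def find_readonly_abuse(events: list) -> list:
    """Return every identity mutation attempted by a read-only principal.

    Rejected attempts (non-2xx status) are kept too: they are still a signal
    that someone is probing, even if that call did not succeed.
    """
    findings = []
    for e in events:
        if e.get("role") in READ_ONLY_ROLES and is_identity_mutation(e):
            findings.append({
                "ts": e.get("ts"),
                "principal": e.get("principal"),
                "method": e.get("method"),
                "path": e.get("path"),
                "target": e.get("target"),
                "succeeded": 200 <= int(e.get("status", 0)) < 300,
            })
    return findings


def affected_objects(findings: list) -> list:
    """Distinct users/keys/service accounts that a successful call touched."""
    return sorted({f["target"] for f in findings if f["succeeded"] and f["target"]})


if __name__ == "__main__":
    findings = find_readonly_abuse(parse_audit_log(SAMPLE_AUDIT_LOG))
    for f in findings:
        state = "SUCCEEDED" if f["succeeded"] else "rejected"
        print(f"{f['ts']} {f['principal']} {f['method']} {f['path']} -> {state}")
    print("Objects to review:", affected_objects(findings))
```

Because patching does not undo changes that were already made, the list returned by `affected_objects` is the part to act on: each entry is an account or key that a read-only principal successfully created or modified and that should be verified or removed.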

In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.

While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.

References

https://github.com/elastic/cleanup-ece-users