Elasticsearch CVE Vulnerabilities
By Elastic — 2 known vulnerabilities
Critical
0
High
0
Medium
2
Low
0
None
0
All Elasticsearch CVEs
CVE-2025-68390
4.9
medium
Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can allow an authenticated user with snapshot restore privileges to cause Excessive Allocation (CAPEC-130) of memory and a denial of service (DoS) via crafted HTTP request.
Dec 18, 2025
CVE-2025-68384
6.5
medium
Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can allow a low-privileged authenticated user to cause Excessive Allocation (CAPEC-130) causing a persistent denial of service (OOM crash) via submission of oversized user settings data.
Dec 18, 2025