
=====================================================================

                            CERT-Renater

                Information Note No. 2025/VULN696
_____________________________________________________________________

DATE                : 15/10/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Elastic Cloud Enterprise (ECE)
                           versions prior to 3.8.2, 4.0.2.

=====================================================================
https://discuss.elastic.co/t/elastic-cloud-enterprise-ece-3-8-2-and-4-0-2-security-update-esa-2025-21/382641
_____________________________________________________________________


Elastic Cloud Enterprise (ECE) 3.8.2 and 4.0.2 Security Update
(ESA-2025-21)
ismisepaul (Paul), October 13, 2025, 1:44pm

Elastic Cloud Enterprise (ECE) Improper Neutralization of Special
Elements Used in a Template Engine (ESA-2025-21)

Improper neutralization of special elements used in a template engine
in Elastic Cloud Enterprise (ECE) can lead to a malicious actor with
Admin access exfiltrating sensitive information and issuing commands
via a specially crafted string where Jinjava variables are evaluated.


Affected Versions:

Versions starting from 2.5.0 up to and including 3.8.1, and versions
starting from 4.0.0 up to and including 4.0.1.

Affected Configurations:

This issue can only be exploited by users with access to the Elastic
Cloud Enterprise (ECE) admin-console and access to a deployment with
the Logging+Metrics feature enabled. By submitting plans with
specially crafted payloads it is possible to inject code to be
executed and the result to be read back via the ingested logs.


Solutions and Mitigations:

Users should upgrade to version 3.8.2 and 4.0.2.

For Users that Cannot Upgrade:

There are no workarounds.


Indicators of Compromise (IOC)

Users can monitor the request logs for malicious payloads, by using
the search query:

    (payload.name : int3rpr3t3r or payload.name : forPath)

Severity: CVSSv3.1: 9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE ID: CVE-2025-37729
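
The search query given under Indicators of Compromise can also be applied offline to exported request logs. The sketch below is an added example, not code from Elastic or CERT-Renater. It assumes the logs are exported as JSON lines with the field stored either as a nested payload object or as a flattened "payload.name" key, and it matches the two markers as case-insensitive substrings, which is broader than the query itself.

```python
import json

# Marker strings copied from the advisory's search query.
IOC_MARKERS = ("int3rpr3t3r", "forPath")

def payload_names(doc):
    """Yield string values stored at payload.name (nested, list, or dotted key)."""
    found = [doc.get("payload.name")]          # flattened dotted key
    payload = doc.get("payload")
    for item in payload if isinstance(payload, list) else [payload]:
        if isinstance(item, dict):
            found.append(item.get("name"))     # nested object form
    for value in found:
        for v in value if isinstance(value, list) else [value]:
            if isinstance(v, str):
                yield v

def scan(lines):
    """Return (line_number, payload_name, matched_markers) for each suspicious entry."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        try:
            doc = json.loads(line)
        except json.JSONDecodeError:
            continue                            # skip truncated or non-JSON lines
        if not isinstance(doc, dict):
            continue
        for name in payload_names(doc):
            matched = [m for m in IOC_MARKERS if m.lower() in name.lower()]
            if matched:
                hits.append((lineno, name, matched))
    return hits

# Constructed sample request-log lines (assumed layout, not real ECE output).
SAMPLE = [
    '{"@timestamp": "2025-10-14T08:00:01Z", "payload": {"name": "my-deployment"}}',
    '{"@timestamp": "2025-10-14T08:00:02Z", "payload": {"name": "int3rpr3t3r"}}',
    '{"@timestamp": "2025-10-14T08:00:03Z", "payload.name": "prefix forPath suffix"}',
    'truncated line, not JSON',
    '{"@timestamp": "2025-10-14T08:00:05Z", "payload": [{"name": "ok"}, {"name": "INT3RPR3T3R"}]}',
]

if __name__ == "__main__":
    for lineno, name, matched in scan(SAMPLE):
        print(f"line {lineno}: payload.name={name!r} matched {matched}")
```

Each hit is a lead for review against the admin-console activity of the account that submitted the plan, not a verdict on its own.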

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================




