Vulnerability Database

309,961

Total vulnerabilities in the database

CVE-2025-13653

In Search Guard FLX versions from 3.1.0 up to 4.0.0 with enterprise modules being disabled, there exists an issue which allows authenticated users to use specially crafted requests to read documents from data streams without having the respective privileges.

Published: Dec 1, 2025
Updated: Dec 2, 2025
CVE: CVE-2025-13653
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWEs:

CWE-200
CWE-863

Affected Software
References

No affected software listed.

https://docs.search-guard.com/latest/changelog-searchguard-flx-4_0_1
https://search-guard.com/cve-advisory/

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo