CVE-2025-13653 – Unauthorized access to documents in data streams with specially crafted requests

CVE ID : CVE-2025-13653

Published : Dec. 1, 2025, 6:02 p.m. | 23 minutes ago

Description : In Search Guard FLX versions from 3.1.0 up to 4.0.0 with enterprise modules being disabled, there exists an issue which allows authenticated users to use specially crafted requests to read documents from data streams without having the respective privileges.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…