Search Guard FLX v3.1-4.0: Authenticated Data Stream Read without Privileges
CVE-2025-13653 Published on December 1, 2025
Unauthorized access to documents in data streams with specially crafted requests
In Search Guard FLX versions from 3.1.0 up to 4.0.0 with enterprise modules being disabled, there exists an issue which allows authenticated users to use specially crafted requests to read documents from data streams without having the respective privileges.
Vulnerability Analysis
CVE-2025-13653 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Weakness Types
What is an Information Disclosure Vulnerability?
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CVE-2025-13653 has been classified to as an Information Disclosure vulnerability or weakness.
What is an AuthZ Vulnerability?
The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
CVE-2025-13653 has been classified to as an AuthZ vulnerability or weakness.
Affected Versions
floragunn Search Guard FLX:- Version 3.1.0, <= 4.0.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.