Security Advisory

CVE-2025-37732

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-15 10:21:07

Last updated 2025-12-15 13:28:41

Assigner elastic

State PUBLISHED

Description

Improper neutralization of input during web page generation (Cross-site Scripting) (CWE-79) allows an authenticated user to render HTML tags within a user’s browser via the integration package upload functionality. This issue is related to ESA-2025-17 (CVE-2025-25018) bypassing that fix to achieve HTML injection.

← Browse all CVEs View on cve.org ↗