CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Elastic: >> Elasticsearch >> 9.1.8 Security Vulnerabilities

CVE-2025-68384

Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can allow a low-privileged authenticated user to cause Excessive Allocation (CAPEC-130) causing a persistent denial of service (OOM crash) via submission of oversized user settings data.

CVSS Score

6.5

EPSS Score

0.001

Published

2025-12-18

Page 1

Vulnerabilities

Vulnerable Software

Elastic: >> Elasticsearch >> 9.1.8 Security Vulnerabilities

Products

Pricing

Contact Us