Improper Permission Management in Elastic Defend on Windows Systems
CVE-2025-37735
7 HIGH
What is CVE-2025-37735?
The Elastic Defend service on Windows operating systems manages permissions improperly. As a result, arbitrary files on the system can be deleted by the Defend service, which runs with SYSTEM privileges. This increases the risk of local privilege escalation, because it lets an attacker manipulate files that should be protected from them. Organizations using affected versions should prioritize applying the latest security updates to mitigate this risk.
Affected Version(s)
Kibana Windows 8.0.0 <= 8.19.5
Kibana Windows 9.0.0 <= 9.1.5