{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T06:34:33.584","vulnerabilities":[{"cve":{"id":"CVE-2025-25011","sourceIdentifier":"security@elastic.co","published":"2025-07-30T01:15:24.707","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An uncontrolled search path element vulnerability can lead to local privilege Escalation (LPE) via Insecure Directory Permissions. The vulnerability arises from improper handling of directory permissions. An attacker with local access may exploit this flaw to move and delete arbitrary files, potentially gaining SYSTEM privileges."},{"lang":"es","value":"Una vulnerabilidad en un elemento de ruta de búsqueda no controlada puede provocar una escalada de privilegios locales (LPE) mediante permisos de directorio inseguros. Esta vulnerabilidad surge de la gestión incorrecta de los permisos de directorio. Un atacante con acceso local podría explotar esta vulnerabilidad para mover y eliminar archivos arbitrarios, obteniendo así privilegios de SYSTEM."}],"metrics":{"cvssMetricV31":[{"source":"security@elastic.co","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}]},"weaknesses":[{"source":"security@elastic.co","type":"Secondary","description":[{"lang":"en","value":"CWE-427"}]}],"references":[{"url":"https://discuss.elastic.co/t/beats-windows-installer-9-1-0-security-update-esa-2025-12/380558","source":"security@elastic.co"}]}}]}