Summary: Security Advisory: Elastic disclosed a vulnerability in Elastic Cloud Enterprise (ECE) that allows attackers with admin access to steal sensitive data or execute arbitrary commands through Jinjava template injection. This flaw impacts ECE versions from 2.5.0 up to and including 3.8.1, as well as versions 4.0.0 through 4.0.1.
| OEM | Elastic Cloud Enterprise (ECE) |
| Severity | Critical |
| CVSS Score | 9.1 |
| CVEs | CVE-2025-37729 |
| POC Available | No |
| Actively Exploited | No |
| Exploited in Wild | No |
| Advisory Version | 1.0 |
Overview
The vulnerability, tracked as CVE-2025-37729, affects multiple ECE versions: 2.5.0 up to and including 3.8.1, and 4.0.0 up to and including 4.0.1. Users and administrators are strongly advised to upgrade to the latest version of ECE immediately to stay protected.
| Vulnerability Name | CVE ID | Product Affected | Severity | Fixed Version |
| Improper Neutralization of Special Elements Vulnerability | CVE-2025-37729 | Elastic Cloud Enterprise | Critical | v3.8.2 & v4.0.2 |
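To triage an inventory against the affected ranges and fixed versions listed above, a small checker such as the following can be used. This is an added example, not code from Elastic or from this advisory; the host names and sample inventory are constructed placeholders.

```python
import re

# Affected ranges as stated in this advisory (inclusive bounds), paired with
# the fixed release for that branch.
AFFECTED = [
    ((2, 5, 0), (3, 8, 1), "3.8.2"),
    ((4, 0, 0), (4, 0, 1), "4.0.2"),
]

def parse_version(text):
    """Parse '3.8.1' or 'v3.8.1' into an int tuple; anything else is rejected."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())

def triage(version):
    """Return (affected, fixed_release_or_None) for one ECE version string."""
    v = parse_version(version)
    for low, high, fixed in AFFECTED:
        if low <= v <= high:  # tuple comparison is numeric, so 3.10.0 > 3.8.1
            return True, fixed
    return False, None

def report(inventory):
    """Map host -> status. Unparseable versions are flagged, never skipped."""
    out = {}
    for host, version in inventory.items():
        try:
            affected, fixed = triage(version)
        except ValueError:
            out[host] = "UNKNOWN (verify manually)"
            continue
        if affected:
            out[host] = f"AFFECTED, upgrade to {fixed} or later"
        else:
            out[host] = "not in an affected range"
    return out

if __name__ == "__main__":
    # Constructed sample inventory; host names are placeholders.
    sample = {"ece-a": "v3.8.1", "ece-b": "3.8.2", "ece-c": "4.0.1",
              "ece-d": "2.4.3", "ece-e": "n/a"}
    for host, status in report(sample).items():
        print(f"{host}: {status}")
```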
Technical Summary
Improper neutralization of special elements can be used to issue commands via a specially crafted string where Jinjava variables are evaluated.
The issue is exploitable due to an improper neutralization of special characters vulnerability in the Jinjava template engine used by ECE.
Attackers with admin-level access to the ECE admin console and deployments with the Logging+Metrics feature enabled can inject malicious Jinjava expressions through specially crafted payloads. This vulnerability can allow them to exfiltrate sensitive data or execute arbitrary commands on the system.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-37729 | Elastic Cloud Enterprise (ECE) v2.5.0-v3.8.1, v4.0.0-v4.0.1 | Improper sanitization of user-supplied input in Jinjava templates allows admin users to inject malicious expressions, enabling code execution and data exfiltration | Sensitive Data Leakage, Arbitrary Command Execution, Potential Full System Compromise |
Recommendations:
Upgrade Elastic Cloud Enterprise to v3.8.2 or v4.0.2, or to the latest version.
Here are some recommendations below
Conclusion:
This is a critical vulnerability in Elastic Cloud Enterprise that could allow attackers to exfiltrate data and execute arbitrary commands.
Although exploitation requires administrative access, its high impact makes it a major security risk that needs immediate action. Organizations are strongly advised to upgrade to the fixed version and apply the recommended actions to stay secure.