CVE-2025-12148 MEDIUM

CVE-2025-12148: Unauthorized access to fields protected by Field Masking (FM) for fields of type IP

Vendor Floragunn
Product Search Guard FLX
Weakness CWE-200 · Info exposure
Published October 29, 2025
Last update October 29, 2025

CVSS base score

6.0/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

In Search Guard versions 3.1.1 and earlier, Field Masking (FM) rules are improperly enforced on fields of type IP (IP Address). While the content of these fields is properly redacted in the _source document returned by search operations, the results do return documents (hits) when searching based on a specific IP values. This allows to reconstruct the original contents of the field. Workaround - If you cannot upgrade immediately, you can avoid the problem by using field level security (FLS) protection on fields of the affected types instead of field masking.

Key dates

02Disclosure timeline

October 29, 2025 CVE published
October 29, 2025 Record updated