Important: Elastic Stack security update (installed with SIEM)
Type/Severity
NetEye Product Security has rated this update as having a High security impact.
Topic
An update for the elasticsearch package is now available for NetEye 4.
Security Fix for NetEye 4.43
8.18.6_neteye3.81.9-1
CVE-2025-54988 (Apache Tika): CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/MPR:L
For a detailed overview of the security issue(s), including the impact, CVSS score, acknowledgments, and other relevant information, please refer to the links provided in the References section below.
For details on how to apply this update, which includes the changes described in this advisory, refer to the NetEye Update Section in the User Guide.
Affected Products
- All NetEye 4.x versions
>=4.42that useAttachment processoron pipelines
For customers who cannot update, a workaround is available here
N.B. The workaround can seriously impact data ingestion, so please upgrade.
- All NetEye 4.x versions
>=4.31that useWorkplace Search(Only for Enterprise Customer)
A workaround for this is not available
References
- https://neteye.guide/current/security-policy/bugfix-policy.html#severity-levels
- https://discuss.elastic.co/t/elasticsearch-8-18-6-8-19-3-9-0-6-and-9-1-3-security-update-esa-2025-14-cve-2025-54988/381427
- https://discuss.elastic.co/t/enterprise-search-8-18-6-8-19-3-security-update-esa-2025-15-cve-2025-54988/381428
Alessandro Mizzaro
Security Software Engineer at Wuerth Phoenix
Author
