08. 10. 2025 Damiano Chini Bug Fixes, NetEye

NetEye 4 – Security Advisory (Elastic Stack)

Important: Elastic Stack security update

Type/Severity

NetEye Product Security has rated this update as having a High security impact.

Topic

An update for the elasticsearch and kibana packages is now available for NetEye 4.

Security Fix for NetEye 4.44

  • 9.0.8_neteye3.85.1-1

CVEs

  1. CVE-2025-25009: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
  2. CVE-2025-25018: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
  3. CVE-2025-25017: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N
  4. CVE-2025-37728: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
  5. CVE-2025-37727: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
    • Note that this vulnerability is not exploitable with the default NetEye configuration for Elasticsearch

The CVEs include three XSS vulnerabilities and two Broken Access Control vulnerabilities.

For a detailed overview of the security issues, including the impact, CVSS score, acknowledgments, and other relevant information, please refer to the links provided in the References section below.

For details on how to apply this update, which includes the changes described in this advisory, refer to the NetEye Update Section in the User Guide.

Affected Products

All NetEye 4.x versions >=4.8 with the Elastic Stack feature module installed.

References

Damiano Chini

Damiano Chini

Author

Damiano Chini

Latest posts by Damiano Chini

30. 09. 2025 APM, Development, NetEye, Unified Monitoring
Segregating APM Data in Elastic: A Practical Guide to a Not-So-Obvious Challenge
12. 08. 2025 Bug Fixes, NetEye
Bug Fixes for NetEye 4.43
07. 07. 2025 Bug Fixes, NetEye
NetEye Security Advisory
05. 06. 2025 Bug Fixes, NetEye
Bug Fixes for NetEye 4.42
13. 02. 2025 Bug Fixes, NetEye
Bug Fixes for NetEye 4.40
See All

Related Content

Tags: , ,

23. 10. 2025 Bug Fixes, NetEye

NetEye 4 – Security Advisory (Icinga 2)

Important: Icinga2 security update Type/Severity NetEye Product Security has rated this update as having a High security impact. Topic An update for the icinga2 packages is now available for NetEye 4. Security Fix for NetEye 4.44 2.15.1_neteye1.61.3-1 CVEs CVE-2025-61907: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N CVE-2025-61908: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-61909: Read More
23. 09. 2025 Bug Fixes, NetEye

Bug Fixes for NetEye 4.43

Satellite config creation in HA mode using zone names with whitespaces We've addressed an issue where running the neteye satellite config create for a satellite configured in HA mode having whitespaces in the Zone name prevented the procedure to successfully Read More
11. 09. 2025 Bug Fixes, NetEye

Bug Fixes for NetEye 4.43

Dashboard Graphs Now Use Full Width We've addressed an issue where service and host graphs on dashboards were not utilizing the full available width. This fix ensures the charts now expand to fill the space, providing a better and clearer Read More
02. 09. 2025 Bug Fixes, NetEye

NetEye 4 – Security Advisory (SIEM)

Important: Elastic Stack security update (installed with SIEM) Type/Severity NetEye Product Security has rated this update as having a High security impact. Topic An update for the elasticsearch package is now available for NetEye 4. Security Fix for NetEye 4.43 8.18.6_neteye3.81.9-1 CVE-2025-54988 (Apache Read More
01. 09. 2025 Bug Fixes, NetEye

Bug Fixes for NetEye 4.43

Fix redirect to __SELF__ We resolved a bug for which sometimes during the login workflow an automatic redirect to __SELF__ was performed, forcing the user to manually change the URL on the browser tab. List of updated packages To solve Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

Search by technology

Contact

Contact us
Serviceportal

Archive