02. 01. 2026 Davide Sbetti Bug Fixes, NetEye

NetEye 4 – Security Advisory (Elastic Stack)

Important: Elastic Stack security update

Type/Severity

NetEye Product Security has rated this update as having a High security impact.

Topic

An update for the elastic-stack packages (elasticsearch, kibana, filebeat, logstash and elastic-agent) is now available for NetEye 4.

Security Fix for NetEye 4.45

  • 9.2.3_neteye3.88.8-1

CVEs

  1. CVE-2025-68381
     CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  2. CVE-2025-68382
    CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  3. CVE-2025-68383
    CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  4. CVE-2025-68384
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  5. CVE-2025-68385
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
  6. CVE-2025-68386
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
  7. CVE-2025-68387
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  8. CVE-2025-68388
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  9. CVE-2025-68389
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  10. CVE-2025-68390
    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

The CVEs affect different components of the Elastic Stack, as outlined below.

Packetbeat

CVEs: CVE-2025-68381, CVE-2025-68382, CVE-2025-68388

The three CVEs are related to Denial of Service (DoS) attacks to the component itself and significant resource exhaustion.

Filebeat

CVE: CVE-2025-68383

The CVE is based on a Denial of Service (DoS) attack on the Filebeat component

Elasticsearch

CVEs: CVE-2025-68390, CVE-2025-68384

The CVEs are based on persistent Denial of Service (DoS) attacks and excessive resource allocation.

Kibana

CVEs: CVE-2025-68385, CVE-2025-68389, CVE-2025-68386, CVE-2025-68387

The CVEs include Cross Site Scripting (XSS), Improper Authorization and Excessive Resource Allocation.

For a detailed overview of the security issues, including the impact, CVSS score, acknowledgments, and other relevant information, please refer to the links provided in the references section.

For details on how to apply this update, which includes the changes described in this advisory, refer to the NetEye Update Section in the User Guide.

Affected Products

All NetEye 4.x versions >= 4.8.

References

Davide Sbetti

Davide Sbetti

Hi! I'm Davide and I'm a Software Developer with the R&D Team in the "IT System & Service Management Solutions" group here at Würth IT Italy. IT has been a passion for me ever since I was a child, and so the direction of my studies was...never in any doubt! Lately, my interests have focused in particular on data science techniques and the training of machine learning models.

Author

Davide Sbetti

Hi! I'm Davide and I'm a Software Developer with the R&D Team in the "IT System & Service Management Solutions" group here at Würth IT Italy. IT has been a passion for me ever since I was a child, and so the direction of my studies was...never in any doubt! Lately, my interests have focused in particular on data science techniques and the training of machine learning models.

Latest posts by Davide Sbetti

13. 03. 2026 Bug Fixes, NetEye
Bug Fixes for NetEye 4.46
02. 02. 2026 Downloads / Release Notes, NetEye, Unified Monitoring
NetEye 4.46 Release Notes
26. 12. 2025 AI, NetEye
The Model Context Protocol (MCP): Hands-on with NetEye!
16. 12. 2025 Bug Fixes, NetEye
Bug Fixes for NetEye 4.45
16. 09. 2025 DevOps, Kubernetes
Monitoring DBs through PMM: a Migration to OpenShift
See All

Related Content

Tags: , , ,

19. 03. 2026 Bug Fixes, NetEye

Bug Fixes for NetEye 4.46

We addressed the following issues in the Alyvix module UI: In the General tab of a node, retention policy values only showed two digits, even when the numbers were higher than 99. Tooltips for the different retention settings (Successful, Failed, Read More
16. 03. 2026 APM, Knowledge Management, Log-SIEM, Training

Inside Elastic Certifications: My Experience Between Preparation and Exams

In this article I'd like to share my experience with Elastic certifications. Recently, I had the opportunity to take the Elastic Certified Engineer and Elastic Certified Observability Engineer exams and I'd like to describe my preparation, experience and finally share Read More
13. 03. 2026 Bug Fixes, NetEye

Bug Fixes for NetEye 4.46

Error during GLPI inventory task execution We have fixed a bug related to the Asset Management module and in particular in the usage of the GLPI inventory plugin to gather the inventory. List of updated packages To solve the issue Read More
05. 03. 2026 Bug Fixes, NetEye

NetEye 4 – Security Advisory (GLPI)

Important: GLPI security update Type/Severity NetEye Product Security has rated this update as having a high security impact. Topic An update for the glpi packages is now available for NetEye 4. Security Fix for NetEye 4.46 10.0.24_neteye1.17.5-1 Summary The vulnerability is about a Read More
04. 03. 2026 Bug Fixes, NetEye

NetEye 4 – Security Advisory (Elastic Stack)

Important: Elastic Stack security update Type/Severity NetEye Product Security has rated this update as having a Medium security impact. Topic An update for the Kibana package is now available for NetEye 4. Security Fix for NetEye 4.46 9.2.6_neteye3.90.8-1 CVEs CVE-2026-26934CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2026-26935CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2026-26936CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2026-26937CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

Search by technology

Contact

Contact us
Serviceportal

Archive