08. 10. 2025 Damiano Chini Bug Fixes, NetEye

NetEye 4 – Security Advisory (Elastic Stack)

Important: Elastic Stack security update

Type/Severity

NetEye Product Security has rated this update as having a High security impact.

Topic

An update for the elasticsearch and kibana packages is now available for NetEye 4.

Security Fix for NetEye 4.44

  • 9.0.8_neteye3.85.1-1

CVEs

  1. CVE-2025-25009: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
  2. CVE-2025-25018: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
  3. CVE-2025-25017: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N
  4. CVE-2025-37728: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
  5. CVE-2025-37727: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
    • Note that this vulnerability is not exploitable with the default NetEye configuration for Elasticsearch

The CVEs include three XSS vulnerabilities and two Broken Access Control vulnerabilities.

For a detailed overview of the security issues, including the impact, CVSS score, acknowledgments, and other relevant information, please refer to the links provided in the References section below.

For details on how to apply this update, which includes the changes described in this advisory, refer to the NetEye Update Section in the User Guide.

Affected Products

All NetEye 4.x versions >=4.8 with the Elastic Stack feature module installed.

References

Damiano Chini

Damiano Chini

Author

Damiano Chini

Latest posts by Damiano Chini

04. 03. 2026 Bug Fixes, NetEye
NetEye 4 – Security Advisory (Lampo)
04. 03. 2026 Bug Fixes, NetEye
NetEye 4 – Security Advisory (Elastic Stack)
05. 01. 2026 Bug Fixes, NetEye
Bug Fixes for NetEye 4.45
30. 12. 2025 Automation, Development, Log Management, Log-SIEM, NetEye
Optimizing Rolling Restarts in Elasticsearch Clusters
24. 12. 2025 APM, Log-SIEM, Machine Learning, NetEye, Real User Experience
Root Cause Analysis with Elastic ML and Alyvix
See All

Related Content

Tags: , ,

04. 03. 2026 Bug Fixes, NetEye

NetEye 4 – Security Advisory (Lampo)

Important: Lampo security update Type/Severity NetEye Product Security has rated this update as having a medium security impact. Topic An update for the lampod packages is now available for NetEye 4. Security Fix for NetEye 4.46 1.1.3-1 Summary The vulnerability is about sensitive Read More
04. 03. 2026 Bug Fixes, NetEye

NetEye 4 – Security Advisory (Elastic Stack)

Important: Elastic Stack security update Type/Severity NetEye Product Security has rated this update as having a Medium security impact. Topic An update for the Kibana package is now available for NetEye 4. Security Fix for NetEye 4.46 9.2.6_neteye3.90.8-1 CVEs CVE-2026-26934CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2026-26935CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2026-26936CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2026-26937CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Read More
02. 03. 2026 Bug Fixes, NetEye

Bug Fixes for NetEye 4.46

Error during generation of SLA reports We have fixed a bug that was causing an error during the generation of SLA reports. List of updated packages To solve the issue mentioned above, the following packages have been updated for NetEye Read More
19. 02. 2026 Bug Fixes, NetEye

Bug Fixes for NetEye 4.46

Fix NagVis navigation using IcingaDB Web URLs When clicking on a host or service from a NagVis map, you were redirected to the legacy Monitoring module. The links have been updated to correctly point to the IcingaDB Web module. List Read More
11. 02. 2026 Bug Fixes, NetEye

Bug Fixes for NetEye 4.46

Fixing Misplaced Plugin Output in Icinga Web Interface When plugin output contained HTML content (like links), it was incorrectly displayed near the service name instead of in the Plugin Output section. The plugin output section now correctly renders all content. Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

Search by technology

Contact

Contact us
Serviceportal

Archive