CVE-2025-37735: 
Kibana vulnerability analysis and mitigation

CVE-2025-37735 is a high-severity vulnerability affecting Elastic Defend on Windows hosts. The vulnerability, discovered in November 2025, is classified as an 'Improper Preservation of Permissions' issue that affects multiple versions of Elastic Defend, including versions up to 8.19.5 and versions from 9.0.0 up to 9.1.5 (Elastic Discussion).

The vulnerability is characterized by improper preservation of permissions in Elastic Defend's Windows implementation, which can lead to arbitrary file deletion by the Defend service running with SYSTEM privileges. The vulnerability has been assigned a CVSS v3.1 score of 7.0 (High) with the vector string CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access vector, high attack complexity, low privileges required, and no user interaction needed (Security Online).

The vulnerability allows local attackers with limited access to delete arbitrary files on the system through the Defend service running as SYSTEM. This capability could potentially lead to local privilege escalation by removing critical system files, representing a significant security risk for affected systems (Security Online).

Elastic has released patched versions 8.19.6, 9.1.6, and 9.2.0 to address this vulnerability. For users unable to immediately upgrade, a temporary mitigation involves upgrading to Windows 11 24H2 or later, as it includes changes that make the issue harder to exploit (Elastic Discussion).