PT-2025-44310 · Elastic · Search Guard

Published: 2025-10-29 · Updated: 2025-10-29 · CVE-2025-12148

CVSS v4.0: 6.0 (Medium)

Vector: AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: Search Guard versions 3.1.1 and earlier

Description: Field Masking (FM) rules are not properly enforced on fields of type IP (IP Address). While the content of these fields is redacted in search results, documents are still returned when searching based on specific IP values, potentially allowing reconstruction of the original field contents.

Recommendations: For versions prior to 3.1.1, avoid using Field Masking on fields of type IP (IP Address). Instead, use field level security (FLS) protection on affected fields.
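
One way to find the roles this recommendation applies to is to cross-check masked fields against the index mapping. The following is an added example, not code from the advisory or from Search Guard. It assumes roles use the `index_permissions` / `index_patterns` / `masked_fields` / `fls` layout, that a masked-field entry may carry a `::` suffix, and that wildcards are simple glob patterns; the role names, field names and mapping are constructed sample data.

```python
import fnmatch

# Constructed sample: the "properties" tree of an Elasticsearch index mapping.
SAMPLE_MAPPING = {
    "properties": {
        "client_ip": {"type": "ip"},
        "user": {"properties": {"name": {"type": "keyword"},
                                "last_login_ip": {"type": "ip"}}},
        "message": {"type": "text"},
    }
}

# Constructed sample roles (layout is an assumption, see lead-in).
SAMPLE_ROLES = {
    "sg_support": {"index_permissions": [{
        "index_patterns": ["logs-*"],
        "masked_fields": ["client_ip", "user.*", "message::/.+/::***"],
    }]},
    # Already follows the recommendation: IP fields excluded via FLS.
    "sg_analyst": {"index_permissions": [{
        "index_patterns": ["logs-*"],
        "fls": ["~client_ip", "~user.last_login_ip"],
    }]},
}


def ip_fields(mapping, prefix=""):
    """Return dotted paths of every field mapped as type 'ip', recursing into objects."""
    found = set()
    for name, spec in mapping.get("properties", {}).items():
        path = prefix + name
        if spec.get("type") == "ip":
            found.add(path)
        found |= ip_fields(spec, path + ".")
    return found


def masked_ip_fields(roles, mapping):
    """List (role, index_pattern, field) where a masked_fields entry covers an IP field."""
    ips = ip_fields(mapping)
    findings = []
    for role, body in roles.items():
        for perm in body.get("index_permissions", []):
            for entry in perm.get("masked_fields", []):
                pattern = entry.split("::", 1)[0]  # drop any ::suffix after the field name
                for field in sorted(f for f in ips if fnmatch.fnmatchcase(f, pattern)):
                    for idx in perm.get("index_patterns", []):
                        findings.append((role, idx, field))
    return findings
```

Each finding is a field to move from `masked_fields` to an FLS exclusion on affected versions.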

Fix

Information Disclosure

Incorrect Permission

Weakness Enumeration

Related Identifiers: CVE-2025-12148

Affected Products: Search Guard