
Elastic, the Search AI Company, enables everyone to find the answers they need in real time, using all their data, at scale. Elastic’s solutions for search, observability, and security are built on the Elastic Search AI Platform — the development platform used by thousands of companies, including more than 50% of the Fortune 500.

Elastic A.I CyberSecurity Scoring

Elastic

Company Details

LinkedIn ID: elastic-co
Employees number: 4,424
Number of followers: 501,905
NAICS: 5112
Industry Type: Software Development
Homepage: elastic.co
IP Addresses: 0
Company ID: ELA_3348055
Scan Status: In-progress

Elastic Risk Score (AI oriented): Between 750 and 799


Elastic Company CyberSecurity News & History

Past Incidents: 2
Attack Types: 1
Entity: Elastic
Type: Vulnerability
Severity: 100
Impact: 5
Seen: 3/2025
Rankiteo Explanation: Attack threatening the organization’s existence

Description: Elastic released a critical update to address a severe vulnerability in Kibana, identified as CVE-2025-25012. With a CVSS score of 9.9, the flaw allows for arbitrary code execution and primarily affects versions 8.15.0 to 8.17.2. The vulnerability, resulting from unsafe handling of prototype pollution, could be exploited by users with low privileges in earlier versions, and more advanced privileges in later versions. This security gap has the potential for severe consequences, such as unauthorized data access, system compromise, and service disruption, leading to theft or destruction of sensitive information. In response, Elastic urges users to upgrade to version 8.17.3 or later and recommends additional security measures for those unable to upgrade immediately.

Entity: Elastic
Type: Vulnerability
Severity: 100
Impact: 5
Seen: 6/2025
Rankiteo Explanation: Attack threatening the organization's existence

Description: A critical zero-day vulnerability in **Elastic’s Endpoint Detection and Response (EDR)** solution—specifically in the **elastic-endpoint-driver.sys** kernel driver—allows attackers to bypass security, execute arbitrary code, and trigger **Blue Screen of Death (BSOD) crashes**, rendering systems unusable. The flaw stems from a **NULL Pointer Dereference (CWE-476)**, enabling a four-stage attack chain: **EDR bypass, Remote Code Execution (RCE), persistence via a malicious kernel driver, and privileged Denial-of-Service (DoS)**. The exploit turns Elastic’s own security tool into a weapon, risking large-scale endpoint disablement across enterprises. No patch exists for versions **8.17.6 and later**, leaving customers exposed since disclosure attempts (June–August 2025). The vulnerability erodes trust in Elastic’s SIEM/EDR products, as a signed driver can now behave like malware, crashing systems on demand. Organizations face **operational paralysis, potential data exposure during crashes, and loss of defensive capabilities** until mitigation is deployed.



Underwriter Stats for Elastic

Incidents vs Software Development Industry Average (This Year)

Elastic has 250.88% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

Elastic has 156.41% more incidents than the average of all companies with at least one recorded incident.

Incident Types Elastic vs Software Development Industry Avg (This Year)

Elastic reported 2 incidents this year: 0 cyber attacks, 0 ransomware, 2 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.

Incident History — Elastic (X = Date, Y = Severity)

Elastic cyber incidents detection timeline including parent company and subsidiaries

Elastic Company Subsidiaries


Elastic Similar Companies

IDEMIA

IDEMIA Group unlocks simpler and safer ways to pay, connect, access, identify, travel and protect public places. With its long-standing expertise in biometrics and cryptography, IDEMIA develops technologies of excellence with an impactful, ethical, and socially responsible approach. Every day, IDEMI

Shopify

Shopify is a leading global commerce company, providing trusted tools to start, grow, market, and manage a retail business of any size. Shopify makes commerce better for everyone with a platform and services that are engineered for reliability, while delivering a better shopping experience for consu

At Sage, we knock down barriers with information, insights, and tools to help your business flow. We provide businesses with software and services that are simple and easy to use, as we work with you to give you that feeling of confidence. Customers trust our Payroll, HR, and Finance software to m

Amazon is guided by four principles: customer obsession rather than competitor focus, passion for invention, commitment to operational excellence, and long-term thinking. We are driven by the excitement of building technologies, inventing products, and providing services that change lives. We embrac

Alibaba Group

🌍Alibaba Group is on a mission to make it easy to do business anywhere! Guided by our passion and imagination, we’re leading the way in AI, cloud computing and e-commerce. We aim to build the future infrastructure of commerce, and we aspire to be a good company that lasts for 102 years.

Zoho offers beautifully smart software to help you grow your business. With over 100 million users worldwide, Zoho's 55+ products aid your sales and marketing, support and collaboration, finance, and recruitment needs—letting you focus only on your business. Zoho respects user privacy and does not h

Meta's mission is to build the future of human connection and the technology that makes it possible. Our technologies help people connect, find communities, and grow businesses. When Facebook launched in 2004, it changed the way people connect. Apps like Messenger, Instagram and WhatsApp further e

Facebook

The Facebook company is now Meta. Meta builds technologies that help people connect, find communities, and grow businesses. When Facebook launched in 2004, it changed the way people connect. Apps like Messenger, Instagram and WhatsApp further empowered billions around the world. Now, Meta is moving

Just Eat Takeaway.com

Just Eat Takeaway.com is a leading global online delivery marketplace, connecting consumers and restaurants through our platform in 19 countries. Like a dinner table, working at JET brings our office employees and couriers together. From coding to customer service to couriers, JET is a


Elastic CyberSecurity News

December 12, 2025 10:55 AM
Elastic Makes On-Demand Training Free to Everyone

Elastic is evolving its security training to modular, on-demand formats - at no cost - to reach more learners. It is focusing on short,...

December 11, 2025 12:59 AM
Thailand taps Elastic to power ‘Year of Cybersecurity’

Thailand's National Cyber Security Agency has chosen Elastic Security as its primary security platform as part of a new collaboration with...

December 05, 2025 01:33 AM
Thailand’s NSCA enhances cybersecurity capabilities with Elastic

Elastic supported NCSA's cybersecurity efforts and implementation of Elastic Security across the Thai public sector by leading a hands-on...

December 02, 2025 08:00 AM
US-listed Elastic bets on Irish cybersecurity firm Siren

US-listed Elastic bets on Irish cybersecurity firm Siren ... Siren chief executive John Randles.

December 01, 2025 08:00 AM
Cybersecurity in the public sector is ultimately a data problem

India's public institutions face rising AI-driven cyber threats. Learn how Elastic Security's data-first approach strengthens resilience and...

December 01, 2025 05:49 AM
Elastic appoints Tech Data as its VAD in India

Tech Data has announced its appointment as a value-added distributor for Elastic, the Search AI company. Through this collaboration, Tech...

November 25, 2025 08:00 AM
Neon Cyber Joins Forces with Elastic to Protect Modern Workforces from Identity-Based Threats with Comprehensive Browser and SaaS Security

Strategic technology partnership delivers easy-to-deploy enterprise-wide protection, enhancing visibility and threat detection.

November 24, 2025 08:00 AM
Reshaping cyber security roles: How AI enhances teams without replacing humans

As threats grow more sophisticated, agentic AI helps cyber security teams work smarter by handling routine tasks and helping junior analysts...

November 17, 2025 08:00 AM
ECS Recognized as a Top Partner with 2025 Elastic Services Partner Award – AMER

Company honored as a top services partner for Elastic in the Americas advancing customer success with Elastic Search AI. FAIRFAX, Va.


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

Elastic CyberSecurity History Information

Official Website of Elastic

The official website of Elastic is http://www.elastic.co.

Elastic’s AI-Generated Cybersecurity Score

According to Rankiteo, Elastic’s AI-generated cybersecurity score is 773, reflecting their Fair security posture.

How many security badges does Elastic have?

According to Rankiteo, Elastic currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does Elastic have SOC 2 Type 1 certification?

According to Rankiteo, Elastic is not certified under SOC 2 Type 1.

Does Elastic have SOC 2 Type 2 certification?

According to Rankiteo, Elastic does not hold a SOC 2 Type 2 certification.

Does Elastic comply with GDPR?

According to Rankiteo, Elastic is not listed as GDPR compliant.

Does Elastic have PCI DSS certification?

According to Rankiteo, Elastic does not currently maintain PCI DSS compliance.

Does Elastic comply with HIPAA?

According to Rankiteo, Elastic is not compliant with HIPAA regulations.

Does Elastic have ISO 27001 certification?

According to Rankiteo, Elastic is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of Elastic

Elastic operates primarily in the Software Development industry.

Number of Employees at Elastic

Elastic employs approximately 4,424 people worldwide.

Subsidiaries Owned by Elastic

Elastic presently has no subsidiaries across any sectors.

Elastic’s LinkedIn Followers

Elastic’s official LinkedIn profile has approximately 501,905 followers.

NAICS Classification of Elastic

Elastic is classified under the NAICS code 5112, which corresponds to Software Publishers.

Elastic’s Presence on Crunchbase

No, Elastic does not have a profile on Crunchbase.

Elastic’s Presence on LinkedIn

Yes, Elastic maintains an official LinkedIn profile, actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/elastic-co.

Cybersecurity Incidents Involving Elastic

As of December 16, 2025, Rankiteo reports that Elastic has experienced 2 cybersecurity incidents.

Number of Peer and Competitor Companies

Elastic has an estimated 27,756 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at Elastic?

Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability.

How does Elastic detect and respond to cybersecurity incidents?

Detection and Response: The company detects and responds to cybersecurity incidents through remediation measures (upgrade to version 8.17.3 or later; additional security measures for those unable to upgrade immediately; no patch available as of disclosure; customers advised to monitor for updates), third-party assistance (disclosure attempts via HackerOne on 2025-06-11 and the Zero Day Initiative (ZDI) on 2025-07-29), and a communication strategy of independent public disclosure by Ashes Cybersecurity (2025-08-16).

Incident Details

Can you provide details on each incident?

Incident : Vulnerability Exploit

Title: Critical Vulnerability in Kibana (CVE-2025-25012)

Description: Elastic released a critical update to address a severe vulnerability in Kibana, identified as CVE-2025-25012. With a CVSS score of 9.9, the flaw allows for arbitrary code execution and primarily affects versions 8.15.0 to 8.17.2. The vulnerability, resulting from unsafe handling of prototype pollution, could be exploited by users with low privileges in earlier versions, and more advanced privileges in later versions. This security gap has the potential for severe consequences, such as unauthorized data access, system compromise, and service disruption, leading to theft or destruction of sensitive information. In response, Elastic urges users to upgrade to version 8.17.3 or later and recommends additional security measures for those unable to upgrade immediately.

Type: Vulnerability Exploit

Attack Vector: Arbitrary Code Execution

Vulnerability Exploited: CVE-2025-25012

Incident : Zero-Day Vulnerability

Title: Elastic EDR Zero-Day Vulnerability Leading to BSOD and System Compromise

Description: A zero-day vulnerability in Elastic’s Endpoint Detection and Response (EDR) solution, specifically in the 'elastic-endpoint-driver.sys' kernel driver (signed by Microsoft), allows attackers to bypass security measures, execute malicious code, and trigger a Blue Screen of Death (BSOD) system crash. The flaw, classified as CWE-476 (NULL Pointer Dereference), enables a four-step attack chain: EDR bypass, Remote Code Execution (RCE), persistence via a custom kernel driver, and a Privileged Persistent Denial of Service (DoS). The vulnerability was discovered by Ashes Cybersecurity and remains unpatched as of the disclosure date, posing severe risks to enterprises relying on Elastic’s SIEM and EDR solutions. The attacker can manipulate the trusted driver to exhibit malware-like behavior, disabling endpoints at scale.

Date Detected: 2025-06-02

Date Publicly Disclosed: 2025-08-16

Type: Zero-Day Vulnerability

Attack Vector: Local/Remote Code Execution via Custom Loader; Kernel Driver Manipulation; NULL Pointer Dereference Exploit (CWE-476)

Vulnerability Exploited: CVE ID: None; CWE ID: CWE-476; Description: NULL Pointer Dereference in 'elastic-endpoint-driver.sys' kernel driver, allowing uncontrolled pointer dereferencing in privileged kernel routines, leading to BSOD and system compromise; Affected Products: Elastic Defend, Elastic Agent; Affected Component: elastic-endpoint-driver.sys (version 8.17.6 and likely subsequent versions); Severity: Critical.

What are the most common types of attacks the company has faced?

Common Attack Types: The most common type of attack the company has faced is Vulnerability.

How does the company identify the attack vectors used in incidents?

Identification of Attack Vectors: The company identifies the attack vectors used in incidents through exploitation of NULL Pointer Dereference in 'elastic-endpoint-driver.sys' and a custom loader to bypass EDR.

Impact of the Incidents

What was the impact of each incident?

Incident : Zero-Day Vulnerability ELA627081725

Systems Affected: Endpoints running Elastic EDR/Agent; systems with 'elastic-endpoint-driver.sys'

Downtime: Persistent system crashes (BSOD); potential large-scale endpoint disablement

Operational Impact: Loss of EDR/SIEM protection; system instability; potential for follow-on attacks (e.g., malware deployment)

Brand Reputation Impact: Erosion of trust in Elastic’s security products; broader industry skepticism toward EDR solutions

Which entities were affected by each incident?

Incident : Vulnerability Exploit ELA921030725

Entity Name: Elastic

Entity Type: Organization

Industry: Technology

Incident : Zero-Day Vulnerability ELA627081725

Entity Name: Elasticsearch, Inc.

Entity Type: Software Vendor

Industry: Cybersecurity (SIEM/EDR)

Location: Global (HQ: Mountain View, California, USA)

Customers Affected: All organizations using Elastic Defend/Elastic Agent with vulnerable driver versions, Paying customers of Elastic (including Ashes Cybersecurity Pvt Ltd.)

Response to the Incidents

What measures were taken in response to each incident?

Incident : Vulnerability Exploit ELA921030725

Remediation Measures: Upgrade to version 8.17.3 or later; additional security measures for those unable to upgrade immediately

Incident : Zero-Day Vulnerability ELA627081725

Third Party Assistance: Disclosure attempts via HackerOne (2025-06-11), Zero Day Initiative (ZDI) (2025-07-29).

Remediation Measures: No patch available as of disclosure; customers advised to monitor for updates

Communication Strategy: Independent public disclosure by Ashes Cybersecurity (2025-08-16)

How does the company involve third-party assistance in incident response?

Third-Party Assistance: The company involves third-party assistance in incident response through disclosure attempts via HackerOne (2025-06-11) and the Zero Day Initiative (ZDI) (2025-07-29).

Data Breach Information

What measures does the company take to prevent data exfiltration?

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: upgrade to version 8.17.3 or later; additional security measures for those unable to upgrade immediately; no patch available as of disclosure; customers advised to monitor for updates.

Lessons Learned and Recommendations

What lessons were learned from each incident?

Incident : Zero-Day Vulnerability ELA627081725

Lessons Learned:
  • Zero-day vulnerabilities in security products can undermine their core purpose, turning defensive tools into attack vectors.
  • Kernel drivers, even when signed by trusted entities (e.g., Microsoft), can introduce critical risks if not rigorously validated.
  • Delayed patching of disclosed vulnerabilities in widely used security software exposes enterprises to systemic risks.
  • Transparency in disclosure timelines (e.g., HackerOne, ZDI) is critical for customer awareness and mitigation.

What recommendations were made to prevent future incidents?

Incident : Vulnerability Exploit ELA921030725

Recommendations:
  • Upgrade to version 8.17.3 or later.
  • Additional security measures for those unable to upgrade immediately.

Incident : Zero-Day Vulnerability ELA627081725

Recommendations:
  • Elastic should prioritize patching the NULL Pointer Dereference in 'elastic-endpoint-driver.sys' and conduct a full security audit of its kernel components.
  • Customers should isolate or disable vulnerable Elastic EDR/Agent instances until a patch is available, and monitor for unusual system crashes or persistence mechanisms.
  • Organizations should implement defense-in-depth strategies (e.g., additional EDR layers, behavioral monitoring) to mitigate risks from compromised security tools.
  • Security vendors should adopt stricter code-signing practices and kernel driver validation to prevent similar exploits.
  • Independent security researchers should be incentivized to responsibly disclose vulnerabilities through coordinated programs to reduce public exposure risks.

What are the key lessons learned from past incidents?

Key Lessons Learned: The key lessons learned from past incidents are:
  • Zero-day vulnerabilities in security products can undermine their core purpose, turning defensive tools into attack vectors.
  • Kernel drivers, even when signed by trusted entities (e.g., Microsoft), can introduce critical risks if not rigorously validated.
  • Delayed patching of disclosed vulnerabilities in widely used security software exposes enterprises to systemic risks.
  • Transparency in disclosure timelines (e.g., HackerOne, ZDI) is critical for customer awareness and mitigation.

References

Where can I find more information about each incident?

Incident : Zero-Day Vulnerability ELA627081725

Source: Ashes Cybersecurity Research
Date Accessed: 2025-08-16

Source: HackerOne Disclosure Attempt
Date Accessed: 2025-06-11

Source: Zero Day Initiative (ZDI) Disclosure Attempt
Date Accessed: 2025-07-29

Where can stakeholders find additional resources on cybersecurity best practices?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices in the following sources: Ashes Cybersecurity Research (date accessed: 2025-08-16), HackerOne Disclosure Attempt (date accessed: 2025-06-11), and Zero Day Initiative (ZDI) Disclosure Attempt (date accessed: 2025-07-29).

Investigation Status

What is the current status of the investigation for each incident?

Incident : Zero-Day Vulnerability ELA627081725

Investigation Status: Ongoing (no patch released; vulnerability confirmed via Proof of Concept)

How does the company communicate the status of incident investigations to stakeholders?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through independent public disclosure by Ashes Cybersecurity (2025-08-16).

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident?

Incident : Zero-Day Vulnerability ELA627081725

Stakeholder Advisories: Customers advised to await official patch; no temporary mitigations provided.

Customer Advisories: Ashes Cybersecurity (discoverer) is a paying customer; broader customer base at risk

What advisories does the company provide to stakeholders and customers following an incident?

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: customers advised to await official patch; no temporary mitigations provided; Ashes Cybersecurity (discoverer) is a paying customer; broader customer base at risk.

Initial Access Broker

How did the initial access broker gain entry for each incident?

Incident : Zero-Day Vulnerability ELA627081725

Entry Point: Exploitation of NULL Pointer Dereference in 'elastic-endpoint-driver.sys'; custom loader to bypass EDR

Backdoors Established: Custom kernel driver for persistence

High Value Targets: Elastic EDR/Agent endpoints; systems with privileged kernel access

Data Sold on Dark Web: Elastic EDR/Agent endpoints; systems with privileged kernel access

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident?

Incident : Vulnerability Exploit ELA921030725

Root Causes: Unsafe handling of prototype pollution

Corrective Actions: Upgrade to version 8.17.3 or later; additional security measures for those unable to upgrade immediately

Incident : Zero-Day Vulnerability ELA627081725

Root Causes: Lack of proper pointer validation in kernel-mode code (CWE-476); inadequate input sanitization for user-mode controllable pointers in privileged routines; delayed vendor response to disclosure attempts (HackerOne/ZDI); over-reliance on code signing without runtime integrity checks

Corrective Actions: Patch NULL Pointer Dereference in 'elastic-endpoint-driver.sys'; implement stricter kernel driver validation and sandboxing; enhance secure coding practices for privileged components; improve vulnerability disclosure and patch management processes

What is the company's process for conducting post-incident analysis?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as disclosure attempts via HackerOne (2025-06-11) and the Zero Day Initiative (ZDI) (2025-07-29).

What corrective actions has the company taken based on post-incident analysis?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: upgrade to version 8.17.3 or later; additional security measures for those unable to upgrade immediately; patch NULL Pointer Dereference in 'elastic-endpoint-driver.sys'; implement stricter kernel driver validation and sandboxing; enhance secure coding practices for privileged components; improve vulnerability disclosure and patch management processes.

Additional Questions

Incident Details

What was the most recent incident detected?

Most Recent Incident Detected: The most recent incident detected was on 2025-06-02.

What was the most recent incident publicly disclosed?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-08-16.

Impact of the Incidents

What was the most significant system affected in an incident?

Most Significant System Affected: The most significant systems affected in an incident were endpoints running Elastic EDR/Agent and systems with 'elastic-endpoint-driver.sys'.

Response to the Incidents

What third-party assistance was involved in the most recent incident?

Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was disclosure attempts via HackerOne (2025-06-11) and the Zero Day Initiative (ZDI) (2025-07-29).

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents ?

Most Significant Lesson Learned: The most significant lesson learned from past incidents was Transparency in disclosure timelines (e.g., HackerOne, ZDI) is critical for customer awareness and mitigation.

What was the most significant recommendation implemented to improve cybersecurity ?

Most Significant Recommendation Implemented: The most significant recommendations implemented to improve cybersecurity were: customers should isolate or disable vulnerable Elastic EDR/Agent instances until a patch is available, and monitor for unusual system crashes or persistence mechanisms; additional security measures for those unable to upgrade immediately; independent security researchers should be incentivized to responsibly disclose vulnerabilities through coordinated programs to reduce public exposure risks; organizations should implement defense-in-depth strategies (e.g., additional EDR layers, behavioral monitoring) to mitigate risks from compromised security tools; upgrade to version 8.17.3 or later; security vendors should adopt stricter code-signing practices and kernel driver validation to prevent similar exploits; and Elastic should prioritize patching the NULL pointer dereference in 'elastic-endpoint-driver.sys' and conduct a full security audit of its kernel components.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent sources of information about an incident are the Zero Day Initiative (ZDI) disclosure attempt, the HackerOne disclosure attempt and Ashes Cybersecurity Research.

Investigation Status

What is the current status of the most recent investigation ?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (no patch released; vulnerability confirmed via Proof of Concept).

Stakeholder and Customer Advisories

What was the most recent stakeholder advisory issued ?

Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was that customers are advised to await the official patch; no temporary mitigations were provided.

What was the most recent customer advisory issued ?

Most Recent Customer Advisory: The most recent customer advisory noted that Ashes Cybersecurity (the discoverer) is a paying customer and that the broader customer base is at risk.


Post-Incident Analysis

What was the most significant root cause identified in post-incident analysis ?

Most Significant Root Cause: The most significant root causes identified in post-incident analysis were: unsafe handling of prototype pollution; lack of proper pointer validation in kernel-mode code (CWE-476); inadequate input sanitization for user-mode controllable pointers in privileged routines; delayed vendor response to disclosure attempts (HackerOne/ZDI); over-reliance on code signing without runtime integrity checks.

What was the most significant corrective action taken based on post-incident analysis ?

Most Significant Corrective Action: The most significant corrective actions taken based on post-incident analysis were: upgrade to version 8.17.3 or later; additional security measures for those unable to upgrade immediately; patch the NULL pointer dereference in 'elastic-endpoint-driver.sys'; implement stricter kernel driver validation and sandboxing; enhance secure coding practices for privileged components; improve vulnerability disclosure and patch management processes.
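The two driver-related root causes above (missing pointer validation, CWE-476, and unsanitized user-mode controllable pointers in privileged routines) and the corrective action "stricter kernel driver validation" reduce to one rule: a kernel-mode request handler must validate every user-supplied pointer and length, and copy the data into kernel-owned memory, before acting on it. The C block below is an added illustration of that rule and is not code from Elastic or from 'elastic-endpoint-driver.sys'. The request layout, the status codes and the USER_ADDRESS_LIMIT stand-in for the user/kernel address split are hypothetical; the range check is a portable simulation of what a real Windows driver does with ProbeForRead inside a __try/__except block, so that the example compiles and runs in user space.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical control request for an endpoint sensor (illustration only). */
typedef struct {
    uint32_t version;   /* request format version the caller claims */
    uint32_t pid;       /* process the caller asks the sensor to inspect */
} scan_request_t;

/* What the dispatch routine receives: a pointer and length that both come from user mode. */
typedef struct {
    const void *in_buf;
    size_t      in_len;
} ioctl_request_t;

enum {
    STATUS_SUCCESS           =  0,
    STATUS_INVALID_PARAMETER = -1,
    STATUS_BUFFER_TOO_SMALL  = -2,
    STATUS_ACCESS_DENIED     = -3
};

/* Hypothetical highest user-mode address (stand-in for the platform's real split). */
#define USER_ADDRESS_LIMIT ((uintptr_t)0x00007FFFFFFFFFFFULL)

/* VULNERABLE (CWE-476 pattern): trusts the user-supplied pointer and dereferences it
 * directly. A NULL or otherwise invalid in_buf faults in kernel context and takes the
 * whole endpoint down; an unchecked length lets a short buffer be over-read. */
int handle_scan_vulnerable(const ioctl_request_t *req, uint32_t *out_pid) {
    const scan_request_t *sr = (const scan_request_t *)req->in_buf;
    *out_pid = sr->pid;            /* no NULL check, no length check, no probe */
    return STATUS_SUCCESS;
}

/* HARDENED: reject before dereferencing, then fetch the request exactly once into a
 * kernel-owned copy so later logic never re-reads user memory (no double-fetch race). */
int handle_scan_hardened(const ioctl_request_t *req, uint32_t *out_pid) {
    if (req == NULL || out_pid == NULL)
        return STATUS_INVALID_PARAMETER;
    if (req->in_buf == NULL)                                 /* the CWE-476 case */
        return STATUS_INVALID_PARAMETER;
    if (req->in_len < sizeof(scan_request_t))                /* caller lied about size */
        return STATUS_BUFFER_TOO_SMALL;

    uintptr_t start = (uintptr_t)req->in_buf;
    /* Whole [start, start+len) range must lie in user space (ProbeForRead analogue). */
    if (start > USER_ADDRESS_LIMIT - sizeof(scan_request_t) + 1)
        return STATUS_ACCESS_DENIED;
    if ((start & (sizeof(uint32_t) - 1)) != 0)               /* alignment the probe enforces */
        return STATUS_INVALID_PARAMETER;

    scan_request_t local;
    memcpy(&local, req->in_buf, sizeof local);               /* single fetch into kernel memory */

    /* Semantic validation happens on the kernel copy only. */
    if (local.version != 1)
        return STATUS_INVALID_PARAMETER;
    if (local.pid == 0)
        return STATUS_INVALID_PARAMETER;

    *out_pid = local.pid;
    return STATUS_SUCCESS;
}
```

Every rejection in the hardened path returns a status to the caller instead of faulting, which is the difference between "unauthorised user gets an error" and "unauthorised user crashes the security agent". The single memcpy is deliberate: validating a field in user memory and then reading it again gives a second thread a window to change it between the two reads.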


Latest Global CVEs (Not Company-Specific)

Description

NXLog Agent before 6.11 can load a file specified by the OPENSSL_CONF environment variable.

Risk Information
cvss3
Base: 8.1
Severity: HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Description

uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMustBeSegmentNzNc with large input containing many commas.

Risk Information
cvss3
Base: 2.9
Severity: LOW
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Description

A vulnerability was detected in Mayan EDMS up to 4.10.1. The affected element is an unknown function of the file /authentication/. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit is now public and may be used. Upgrading to version 4.10.2 is sufficient to fix this issue. You should upgrade the affected component. The vendor confirms that this is "[f]ixed in version 4.10.2". Furthermore, that "[b]ackports for older versions in process and will be out as soon as their respective CI pipelines complete."

Risk Information
cvss2
Base: 5.0
Severity: MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
cvss3
Base: 4.3
Severity: MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
cvss4
Base: 5.3
Severity: MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

MJML through 4.18.0 allows mj-include directory traversal to test file existence and (in the type="css" case) read files. NOTE: this issue exists because of an incomplete fix for CVE-2020-12827.

Risk Information
cvss3
Base: 4.5
Severity: MEDIUM
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L
Description

A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network (including link-local or loopback services).

Risk Information
cvss3
Base: 5.8
Severity: MEDIUM
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
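A Base score in the entries above is not a free-standing number: it is computed from the vector string by the CVSS v3.1 base-score equation, and the Severity label is then fixed by the qualitative scale (0.1-3.9 Low, 4.0-6.9 Medium, 7.0-8.9 High, 9.0-10.0 Critical). Whenever a score and its label disagree, recomputing from the vector settles it. The following C program is an added example, not Rankiteo's scoring code: it implements the v3.1 base equation and Roundup function from the specification and applies them to the five v3.1 vectors listed on this page. It reads only the eight base metrics and ignores any temporal or environmental metrics present in a vector.

```c
#include <stdio.h>
#include <string.h>

/* Metric weights, CVSS v3.1 specification section 7.4. A negative return means "unknown value". */
static double av_w(char c) {
    switch (c) { case 'N': return 0.85; case 'A': return 0.62; case 'L': return 0.55; case 'P': return 0.20; }
    return -1.0;
}
static double ac_w(char c) { return c == 'L' ? 0.77 : c == 'H' ? 0.44 : -1.0; }
static double pr_w(char c, int scope_changed) {
    switch (c) {
    case 'N': return 0.85;
    case 'L': return scope_changed ? 0.68 : 0.62;
    case 'H': return scope_changed ? 0.50 : 0.27;
    }
    return -1.0;
}
static double ui_w(char c) { return c == 'N' ? 0.85 : c == 'R' ? 0.62 : -1.0; }
static double cia_w(char c) { return c == 'H' ? 0.56 : c == 'L' ? 0.22 : c == 'N' ? 0.0 : -1.0; }

/* Roundup() from spec Appendix A: round up to one decimal while avoiding float artefacts. */
static double cvss_roundup(double d) {
    long i = (long)(d * 100000.0 + 0.5);
    if (i % 10000 == 0) return i / 100000.0;
    return (double)(i / 10000 + 1) / 10.0;
}

/* (x)^15 without libm, for the scope-changed impact term. */
static double pow15(double x) { double p = 1.0; for (int k = 0; k < 15; k++) p *= x; return p; }

/* Base score for a "CVSS:3.1/..." vector, or -1.0 if the vector is malformed. */
double cvss31_base_score(const char *vector) {
    const char *names[8] = { "AV", "AC", "PR", "UI", "S", "C", "I", "A" };
    char m[8] = { 0 };
    char buf[256];

    if (strncmp(vector, "CVSS:3.1/", 9) != 0) return -1.0;
    strncpy(buf, vector + 9, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';

    for (char *tok = strtok(buf, "/"); tok != NULL; tok = strtok(NULL, "/")) {
        char *colon = strchr(tok, ':');
        if (colon == NULL || colon[1] == '\0') return -1.0;
        *colon = '\0';
        for (int k = 0; k < 8; k++)
            if (strcmp(tok, names[k]) == 0) m[k] = colon[1];
    }
    for (int k = 0; k < 8; k++) if (m[k] == 0) return -1.0;   /* a base metric is missing */
    if (m[4] != 'U' && m[4] != 'C') return -1.0;
    int changed = (m[4] == 'C');

    double w[7] = { av_w(m[0]), ac_w(m[1]), pr_w(m[2], changed), ui_w(m[3]),
                    cia_w(m[5]), cia_w(m[6]), cia_w(m[7]) };
    for (int k = 0; k < 7; k++) if (w[k] < 0.0) return -1.0;

    double exploitability = 8.22 * w[0] * w[1] * w[2] * w[3];
    double iss = 1.0 - (1.0 - w[4]) * (1.0 - w[5]) * (1.0 - w[6]);
    double impact = changed ? 7.52 * (iss - 0.029) - 3.25 * pow15(iss - 0.02)
                            : 6.42 * iss;
    if (impact <= 0.0) return 0.0;
    double raw = changed ? 1.08 * (impact + exploitability) : impact + exploitability;
    return cvss_roundup(raw > 10.0 ? 10.0 : raw);
}

/* Qualitative severity rating scale, spec section 5. */
const char *cvss31_severity(double score) {
    if (score < 0.0) return "INVALID";
    if (score == 0.0) return "NONE";
    if (score < 4.0) return "LOW";
    if (score < 7.0) return "MEDIUM";
    if (score < 9.0) return "HIGH";
    return "CRITICAL";
}

int main(void) {
    /* The five CVSS v3.1 vectors that appear in the CVE list on this page. */
    const char *vectors[] = {
        "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",   /* NXLog Agent   */
        "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",   /* uriparser     */
        "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",   /* Mayan EDMS    */
        "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L",   /* MJML          */
        "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",   /* kube-controller-manager */
    };
    for (size_t k = 0; k < sizeof vectors / sizeof vectors[0]; k++) {
        double s = cvss31_base_score(vectors[k]);
        printf("%-46s %4.1f %s\n", vectors[k], s, cvss31_severity(s));
    }
    return 0;
}
```

Running it reproduces the five Base values printed on the page, so the numbers themselves are consistent with their vectors; the label column is what to compare against the Severity fields. The scope-changed branch (S:C) is where hand calculations most often go wrong: both the impact sub-score formula and the final 1.08 multiplier differ from the unchanged case, and PR weights shift upward as well.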

Access Data Using Our API


Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=elastic-co' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure ?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.