CVE-2025-68385
- Source
- https://cve.org/CVERecord?id=CVE-2025-68385
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68385.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-68385
- Aliases
- Related
- Published
- 2025-12-18T23:15:49.017Z
- Modified
- 2026-02-13T02:56:26.552105Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Improper neutralization of input during web page generation ('Cross-site Scripting') (CWE-79) allows an authenticated user to embed a malicious script in content that will be served to web browsers causing cross-site scripting (XSS) (CAPEC-63) via a method in Vega bypassing a previous Vega XSS mitigation.
- References
Affected packages
Git / github.com/elastic/elasticsearch
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68385.json"
vanir_signatures
[
{
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/elastic/elasticsearch/commit/d8972a71dbbd64ff17f2f4dba9ca2c3fe09fb100",
"digest": {
"function_hash": "296669718838530754517330400557038710268",
"length": 215.0
},
"id": "CVE-2025-68385-00dd0cee",
"deprecated": false,
"target": {
"file": "x-pack/plugin/inference/src/main/java/org/elasticsearch/xpack/inference/services/jinaai/embeddings/JinaAIEmbeddingsServiceSettings.java",
"function": "toXContentFragmentOfExposedFields"
}
},
{
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/elastic/elasticsearch/commit/f60dd5fdef48c4b6cf97721154cd49b3b4794fb0",
"digest": {
"function_hash": "229166255045301346585622455642873789853",
"length": 305.0
},
"id": "CVE-2025-68385-03e305b5",
"deprecated": false,
"target": {
"file": "x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/role/RoleDescriptorRequestValidator.java",
"function": "validateIndexNameExpression"
}
},
{
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/elastic/elasticsearch/commit/d8972a71dbbd64ff17f2f4dba9ca2c3fe09fb100",
"digest": {
"function_hash": "61636142526860727119561356042742474145",
"length": 720.0
},
"id": "CVE-2025-68385-1357a45d",
"deprecated": false,
"target": {
"file": "x-pack/plugin/inference/src/test/java/org/elasticsearch/xpack/inference/services/jinaai/embeddings/JinaAIEmbeddingsServiceSettingsTests.java",
"function": "testFromMap_WithEmbeddingType"
}
},
{
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/elastic/elasticsearch/commit/d8972a71dbbd64ff17f2f4dba9ca2c3fe09fb100",
"digest": {
"function_hash": "327862240518283455076225985421898546230",
"length": 581.0
},
"id": "CVE-2025-68385-23405408",
"deprecated": false,
"target": {
"file": "x-pack/plugin/inference/src/main/java/org/elasticsearch/xpack/inference/services/jinaai/JinaAIService.java",
"function": "updateModelWithEmbeddingDetails"
}
},
{
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/elastic/elasticsearch/commit/d8972a71dbbd64ff17f2f4dba9ca2c3fe09fb100",
"digest": {
"function_hash": "3437721436977061857042359063057716844",
"length": 654.0
},
"id": "CVE-2025-68385-2527c90d",
"deprecated": false,
"target": {
"file": "x-pack/plugin/inference/src/test/java/org/elasticsearch/xpack/inference/services/jinaai/embeddings/JinaAIEmbeddingsServiceSettingsTests.java",
"function": "testFromMap"
}
},
{
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/elastic/elasticsearch/commit/d8972a71dbbd64ff17f2f4dba9ca2c3fe09fb100",
"digest": {
"function_hash": "322346928844008195473879775266227015991",
"length": 2253.0
},
"id": "CVE-2025-68385-266a3d34",
"deprecated": false,
"target": {
"file": "x-pack/plugin/inference/src/test/java/org/elasticsearch/xpack/inference/services/jinaai/JinaAIServiceTests.java",
"function": "testInfer_Embedding_Get_Response_Ingest"
}
},
{
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/elastic/elasticsearch/commit/d8972a71dbbd64ff17f2f4dba9ca2c3fe09fb100",
"digest": {
"function_hash": "218595192478314274530902666641062240264",
"length": 2208.0
},
"id": "CVE-2025-68385-2eec8bf6",
"deprecated": false,
"target": {
"file": "x-pack/plugin/inference/src/test/java/org/elasticsearch/xpack/inference/services/jinaai/JinaAIServiceTests.java",
"function": "testInfer_Embedding_Get_Response_NullInputType"
}
},
{
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/elastic/elasticsearch/commit/d8972a71dbbd64ff17f2f4dba9ca2c3fe09fb100",
"digest": {
"function_hash": "88564548055918590153648878421650782588",
"length": 432.0
},
"id": "CVE-2025-68385-31750f13",
"deprecated": false,
"target": {
"file": "x-pack/plugin/inference/src/main/java/org/elasticsearch/xpack/inference/services/jinaai/embeddings/JinaAIEmbeddingsServiceSettings.java",
"function": "writeTo"
}
},
{
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/elastic/elasticsearch/commit/d8972a71dbbd64ff17f2f4dba9ca2c3fe09fb100",
"digest": {
"function_hash": "257657751058134272225135268399230944586",
"length": 457.0
},
"id": "CVE-2025-68385-31ce2d1f",
"deprecated": false,
"target": {
"file": "x-pack/plugin/inference/src/test/java/org/elasticsearch/xpack/inference/services/jinaai/request/JinaAIEmbeddingsRequestEntityTests.java",
"function": "testXContent_WritesNoOptionalFields_WhenTheyAreNotDefined"
}
},
{
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/elastic/elasticsearch/commit/d8972a71dbbd64ff17f2f4dba9ca2c3fe09fb100",
"digest": {
"function_hash": "53954323310965268989541719376740817744",
"length": 3360.0
},
"id": "CVE-2025-68385-34b1c313",
"deprecated": false,
"target": {
"file": "x-pack/plugin/inference/src/test/java/org/elasticsearch/xpack/inference/services/jinaai/JinaAIServiceTests.java",
"function": "test_Embedding_ChunkedInfer_BatchesCalls"
}
},
{
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/elastic/elasticsearch/commit/d8972a71dbbd64ff17f2f4dba9ca2c3fe09fb100",
"digest": {
"function_hash": "190372082749418415456144516335365146025",
"length": 437.0
},
"id": "CVE-2025-68385-35a7d42b",
"deprecated": false,
"target": {
"file": "x-pack/plugin/inference/src/main/java/org/elasticsearch/xpack/inference/services/jinaai/embeddings/JinaAIEmbeddingsServiceSettings.java",
"function": "JinaAIEmbeddingsServiceSettings"
}
},
{
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/elastic/elasticsearch/commit/d8972a71dbbd64ff17f2f4dba9ca2c3fe09fb100",
"digest": {
"line_hashes": [
"329205185985551687538818139785636844743",
"156521409523750656800978946954228442493",
"161837051495963659727623113151609862550",
"263770349494209804298906474665268247213",
"277809956809643368468783881390383368573",
"76399018348669116782750423093423295166",
"229973153575489767091931921415084972020",
"226060955975025103496444356409176141365",
"69902270832262079388929400203097642608",
"217755367517121681241527404395788988532",
"231394679354670734542856873250528820934",
"82864970205235967991110958229407324199",
"201407396690628169056376148892722306896"
],
"threshold": 0.9
},
"id": "CVE-2025-68385-3a071d42",
"deprecated": false,
"target": {
"file": "x-pack/plugin/inference/src/main/java/org/elasticsearch/xpack/inference/services/jinaai/request/JinaAIEmbeddingsRequest.java"
}
},
{
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/elastic/elasticsearch/commit/d8972a71dbbd64ff17f2f4dba9ca2c3fe09fb100",
"digest": {
"function_hash": "120341716416207492004072848571944862671",
"length": 2251.0
},
"id": "CVE-2025-68385-3b269d23",
"deprecated": false,
"target": {
"file": "x-pack/plugin/inference/src/test/java/org/elasticsearch/xpack/inference/services/jinaai/JinaAIServiceTests.java",
"function": "testInfer_Embedding_Get_Response_Search"
}
},
{
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/elastic/elasticsearch/commit/d8972a71dbbd64ff17f2f4dba9ca2c3fe09fb100",
"digest": {
"function_hash": "23440716785018471949702828950452257564",
"length": 504.0
},
"id": "CVE-2025-68385-3d5f734b",
"deprecated": false,
"target": {
"file": "x-pack/plugin/inference/src/test/java/org/elasticsearch/xpack/inference/services/jinaai/embeddings/JinaAIEmbeddingsServiceSettingsTests.java",
"function": "testFromMap_InvalidSimilarity_ThrowsError"
}
},
{
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/elastic/elasticsearch/commit/d8972a71dbbd64ff17f2f4dba9ca2c3fe09fb100",
"digest": {
"function_hash": "2880729049285314717404510898713473620",
"length": 393.0
},
"id": "CVE-2025-68385-4819eefe",
"deprecated": false,
"target": {
"file": "x-pack/plugin/inference/src/test/java/org/elasticsearch/xpack/inference/services/jinaai/embeddings/JinaAIEmbeddingsModelTests.java",
"function": "createModel"
}
},
{
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/elastic/elasticsearch/commit/d8972a71dbbd64ff17f2f4dba9ca2c3fe09fb100",
"digest": {
"line_hashes": [
"20137376395700319137597864824258118429",
"143568495204396991797509163325210852771",
"325602041046190854597959484431015685939",
"288843603968293591638979190703388317267",
"101950227402823777242371673605051791181",
"166758396942312379372395659781669290206",
"278718663064063363316251506976894448649",
"212399389079886836605543339852444523407",
"250203773077855042404962327208708138943",
"230416559017059821520183946261539732039",
"95193966650445959194847847505436326418",
"111787456134457976921302558387807669810",
"290330347011016020330307639978062680925",
"328915847032411704984589371417498816548",
"318376852183111710755517418143250379960",
"67545647645980725651610001429823519767",
"2163480632373102478282934769941552392",
"8840698156676597764671138560918124451",
"245298039352865310585904059717113237393",
"80863357812754573099511403486038164350",
"199962881365432046308797957765950745089",
"309875476632864762898934681330133272893",
"96462226720398096126265418003035046114",
"330311528816909585629478817117355730911",
"71704942712056519780415835167950542702",
"217432244333497978902499964739154536490",
"15508539863049257809909569382208518467",
"185744298626175679320603722721336039909",
"227182704355570163880522117207196609740",
"204682078914256771626059015689103713390",
"243075096188894644556540042001692020884",
"123624295228942010418309911894483715134",
"44012290824877986068991971478058869965",
"207868977759216174516885415828583265177",
"164771685348833071445343882908387114711",
"310582657005465117876219745547469183593",
"99848821478850421662282460219073608043",
"323053919859169338453173085071270861113",
"145790306110783800515980655150601654399",
"306354913372051322970024529994319594532",
"69444836208332524679080933626601742453",
"68717555802371858359190103715129896680",
"122311705967190530018078768271822446494",
"209544680954279534964926055680291682773",
"165747918807188701842368262212749501657",
"292188914535321647733572939469954597258",
"90468975070751712726780852451167473433",
"156771313240553261264207124639950133565",
"182550385455512204077499468512933923136",
"104835852400344596193337538224835322729",
"131399427688178429367517565266362902994",
"62647489424071746707873933360399036472",
"168029069851481636615452229911308103972",
"199834718772230496587787095880708362330",
"336928353283964190652009594929869740553",
"196567542432372033269492280403314094517",
"283506997925558098695368024733698951383",
"269178980553209232066531572211001720812",
"74005677764665532270840767260285518795",
"339688553568633338813657478563589037745",
"339985151469852516939203205616277227954",
"145237870294661139387759554804946776103",
"80504919340097297672404694562322369233",
"190282230968450912735342841480449715278",
"221348249152877161737019105242867383639",
"107326199521294085305811904760663866685",
"187798966959328830179745672963443614886",
"124734325743189213423506294514923657481",
"251969328610863074656916614249536059527",
"272152911734367378341178986092993266463",
"302054816727770484071069165256910504692",
"229822852407758348950405118677055648399",
"14724571177039417466485481785728924897",
"146918065566254632029448745188958075034",
"254827756652315200984205316780208557661",
"131767496541099167942236660745147968763",
"241482908014257556565270103222343648923"
],
"threshold": 0.9
},
"id": "CVE-2025-68385-4aac7a23",
"deprecated": false,
"target": {
"file": "x-pack/plugin/inference/src/main/java/org/elasticsearch/xpack/inference/services/jinaai/embeddings/JinaAIEmbeddingsServiceSettings.java"
}
},
{
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/elastic/elasticsearch/commit/d8972a71dbbd64ff17f2f4dba9ca2c3fe09fb100",
"digest": {
"function_hash": "171981972558782582863544579899504689709",
"length": 483.0
},
"id": "CVE-2025-68385-51519972",
"deprecated": false,
"target": {
"file": "x-pack/plugin/inference/src/main/java/org/elasticsearch/xpack/inference/services/jinaai/embeddings/JinaAIEmbeddingsServiceSettings.java",
"function": "equals"
}
},
{
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/elastic/elasticsearch/commit/d8972a71dbbd64ff17f2f4dba9ca2c3fe09fb100",
"digest": {
"function_hash": "174378446445945732619391064207429098275",
"length": 505.0
},
"id": "CVE-2025-68385-65060ea8",
"deprecated": false,
"target": {
"file": "x-pack/plugin/inference/src/main/java/org/elasticsearch/xpack/inference/services/jinaai/embeddings/JinaAIEmbeddingsServiceSettings.java",
"function": "fromMap"
}
},
{
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/elastic/elasticsearch/commit/d8972a71dbbd64ff17f2f4dba9ca2c3fe09fb100",
"digest": {
"function_hash": "42956560136020417530191717033111816499",
"length": 494.0
},
"id": "CVE-2025-68385-6bfde496",
"deprecated": false,
"target": {
"file": "x-pack/plugin/inference/src/test/java/org/elasticsearch/xpack/inference/services/jinaai/request/JinaAIEmbeddingsRequestEntityTests.java",
"function": "testXContent_EmbeddingTypesBit"
}
},
{
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/elastic/elasticsearch/commit/d8972a71dbbd64ff17f2f4dba9ca2c3fe09fb100",
"digest": {
"function_hash": "163117961512286588595620023656269243134",
"length": 252.0
},
"id": "CVE-2025-68385-6c03feb9",
"deprecated": false,
"target": {
"file": "x-pack/plugin/inference/src/test/java/org/elasticsearch/xpack/inference/services/jinaai/embeddings/JinaAIEmbeddingsServiceSettingsTests.java",
"function": "mutateInstanceForVersion"
}
},
{
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/elastic/elasticsearch/commit/d8972a71dbbd64ff17f2f4dba9ca2c3fe09fb100",
"digest": {
"function_hash": "72524150342225857283013222117598083275",
"length": 498.0
},
"id": "CVE-2025-68385-6c747d94",
"deprecated": false,
"target": {
"file": "x-pack/plugin/inference/src/test/java/org/elasticsearch/xpack/inference/services/jinaai/request/JinaAIEmbeddingsRequestEntityTests.java",
"function": "testXContent_EmbeddingTypesBinary"
}
},
{
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/elastic/elasticsearch/commit/d8972a71dbbd64ff17f2f4dba9ca2c3fe09fb100",
"digest": {
"function_hash": "48596901173048963081945890585622846667",
"length": 136.0
},
"id": "CVE-2025-68385-7214e3d5",
"deprecated": false,
"target": {
"file": "x-pack/plugin/inference/src/test/java/org/elasticsearch/xpack/inference/services/jinaai/embeddings/JinaAIEmbeddingsServiceSettingsTests.java",
"function": "mutateInstance"
}
},
{
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/elastic/elasticsearch/commit/d8972a71dbbd64ff17f2f4dba9ca2c3fe09fb100",
"digest": {
"function_hash": "124165906044816061639306210435168770570",
"length": 583.0
},
"id": "CVE-2025-68385-73275f74",
"deprecated": false,
"target": {
"file": "x-pack/plugin/inference/src/main/java/org/elasticsearch/xpack/inference/services/jinaai/request/JinaAIEmbeddingsRequestEntity.java",
"function": "toXContent"
}
},
{
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/elastic/elasticsearch/commit/f60dd5fdef48c4b6cf97721154cd49b3b4794fb0",
"digest": {
"line_hashes": [
"22799343236770748403298540225288566789",
"148306469380463964857590464523617086489",
"112708772737749378359171394647526694800",
"54738819031625359442437444026504288464",
"215408533376176740699445489020547479671"
],
"threshold": 0.9
},
"id": "CVE-2025-68385-74b79f8c",
"deprecated": false,
"target": {
"file": "x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/role/RoleDescriptorRequestValidator.java"
}
},
{
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/elastic/elasticsearch/commit/d8972a71dbbd64ff17f2f4dba9ca2c3fe09fb100",
"digest": {
"line_hashes": [
"24346991942662459737175935350872158195",
"120707778773881889896535560669732261514",
"311163631742346552011763178482937560549",
"148145438099903987171325653629744675324"
],
"threshold": 0.9
},
"id": "CVE-2025-68385-761f1c85",
"deprecated": false,
"target": {
"file": "x-pack/plugin/inference/src/main/java/org/elasticsearch/xpack/inference/services/jinaai/JinaAIService.java"
}
},
{
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/elastic/elasticsearch/commit/d8972a71dbbd64ff17f2f4dba9ca2c3fe09fb100",
"digest": {
"function_hash": "43119879523949915219135478706560982315",
"length": 378.0
},
"id": "CVE-2025-68385-762a71bb",
"deprecated": false,
"target": {
"file": "x-pack/plugin/inference/src/test/java/org/elasticsearch/xpack/inference/services/jinaai/embeddings/JinaAIEmbeddingsModelTests.java",
"function": "createModel"
}
},
{
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/elastic/elasticsearch/commit/d8972a71dbbd64ff17f2f4dba9ca2c3fe09fb100",
"digest": {
"line_hashes": [
"173975273352946135523281552797409631756",
"279311987463849074776138364261778201041",
"36722683771728824266822839299201567986",
"300844716343241916596351912786730001311",
"173975273352946135523281552797409631756",
"279311987463849074776138364261778201041",
"36722683771728824266822839299201567986",
"210793128473167525480327021528149298530",
"52614861164983616484360294837707265660",
"279311987463849074776138364261778201041",
"36722683771728824266822839299201567986",
"210793128473167525480327021528149298530"
],
"threshold": 0.9
},
"id": "CVE-2025-68385-77d1d6c1",
"deprecated": false,
"target": {
"file": "x-pack/plugin/inference/src/test/java/org/elasticsearch/xpack/inference/services/jinaai/embeddings/JinaAIEmbeddingsModelTests.java"
}
},
{
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/elastic/elasticsearch/commit/d8972a71dbbd64ff17f2f4dba9ca2c3fe09fb100",
"digest": {
"function_hash": "83324152685317243412387041582006390424",
"length": 514.0
},
"id": "CVE-2025-68385-84b991e2",
"deprecated": false,
"target": {
"file": "x-pack/plugin/inference/src/main/java/org/elasticsearch/xpack/inference/services/jinaai/embeddings/JinaAIEmbeddingsServiceSettings.java",
"function": "toXContent"
}
},
{
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/elastic/elasticsearch/commit/d8972a71dbbd64ff17f2f4dba9ca2c3fe09fb100",
"digest": {
"function_hash": "310482716037145422244242605435489205207",
"length": 275.0
},
"id": "CVE-2025-68385-8b12ba8f",
"deprecated": false,
"target": {
"file": "x-pack/plugin/inference/src/main/java/org/elasticsearch/xpack/inference/services/jinaai/embeddings/JinaAIEmbeddingsServiceSettings.java",
"function": "JinaAIEmbeddingsServiceSettings"
}
},
{
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/elastic/elasticsearch/commit/d8972a71dbbd64ff17f2f4dba9ca2c3fe09fb100",
"digest": {
"line_hashes": [
"146531459197912654430658723449059204450",
"189709676961471987354453147546382718879",
"319079243387966198456093065691062763914",
"276070197424092398175950022486302305189",
"60511609517824714727110364902327112734",
"233021307626014982716059054457395670570",
"322386738783672658916574597405639057908",
"43399350283726278882946946081308893506",
"295178638006668731662105461497081846216",
"235217911441966876862156993836246158195",
"278196845290163914227463647169457571730"
],
"threshold": 0.9
},
"id": "CVE-2025-68385-92d51677",
"deprecated": false,
"target": {
"file": "x-pack/plugin/inference/src/main/java/org/elasticsearch/xpack/inference/services/jinaai/request/JinaAIEmbeddingsRequestEntity.java"
}
},
{
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/elastic/elasticsearch/commit/d8972a71dbbd64ff17f2f4dba9ca2c3fe09fb100",
"digest": {
"function_hash": "277680413678530137616293831158348643519",
"length": 303.0
},
"id": "CVE-2025-68385-95eee8c7",
"deprecated": false,
"target": {
"file": "x-pack/plugin/inference/src/test/java/org/elasticsearch/xpack/inference/services/jinaai/embeddings/JinaAIEmbeddingsServiceSettingsTests.java",
"function": "getServiceSettingsMap"
}
},
{
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/elastic/elasticsearch/commit/d8972a71dbbd64ff17f2f4dba9ca2c3fe09fb100",
"digest": {
"function_hash": "275287518889400746405957524742946923920",
"length": 377.0
},
"id": "CVE-2025-68385-a6450174",
"deprecated": false,
"target": {
"file": "x-pack/plugin/inference/src/test/java/org/elasticsearch/xpack/inference/services/jinaai/embeddings/JinaAIEmbeddingsModelTests.java",
"function": "createModel"
}
},
{
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/elastic/elasticsearch/commit/d8972a71dbbd64ff17f2f4dba9ca2c3fe09fb100",
"digest": {
"line_hashes": [
"93536488808253040265445925100126752883",
"53136015625459031354999930948044620333",
"87386873485089860729687106635930881318",
"16015262506111208192837769313580002609",
"268456540527385820216615537271081016571",
"30569764514080460963788692644506058435",
"235692011810226658821486435236683526828",
"73598680175381710941513905544678400553",
"120352091011525260525120811225862675307",
"11184055779868388890313039495256714350",
"275243144735848149930773021553812757391",
"249219952917905914244902257760069524097",
"268456540527385820216615537271081016571",
"30569764514080460963788692644506058435",
"301048407765415453376153825991132992376",
"211303720349858859365970311017955037273",
"69125143931402857413739740318029835616",
"87506743929399314518893337145613187851",
"26922606249419403366333713847851578513",
"25230320541318263329102709196948215036",
"263833093393844198987329445993188221185",
"130045956664240406584603613404531177885",
"30762594208363273699008143154481421140",
"106430622508727181704700385410273523456",
"315470652661194547558891612075976650983",
"81102946304343618726384958609734790333",
"110284448494511623646280492532090674274",
"246119201028432301945548001853501242983"
],
"threshold": 0.9
},
"id": "CVE-2025-68385-a774d5fc",
"deprecated": false,
"target": {
"file": "x-pack/plugin/inference/src/test/java/org/elasticsearch/xpack/inference/services/jinaai/request/JinaAIEmbeddingsRequestEntityTests.java"
}
},
{
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/elastic/elasticsearch/commit/d8972a71dbbd64ff17f2f4dba9ca2c3fe09fb100",
"digest": {
"function_hash": "279657826965559490251092911228846224858",
"length": 651.0
},
"id": "CVE-2025-68385-a8fcdfee",
"deprecated": false,
"target": {
"file": "x-pack/plugin/inference/src/test/java/org/elasticsearch/xpack/inference/services/jinaai/embeddings/JinaAIEmbeddingsServiceSettingsTests.java",
"function": "testFromMap_WithModelId"
}
},
{
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/elastic/elasticsearch/commit/d8972a71dbbd64ff17f2f4dba9ca2c3fe09fb100",
"digest": {
"function_hash": "41934849031145463113211487514995705169",
"length": 497.0
},
"id": "CVE-2025-68385-aa4f42ca",
"deprecated": false,
"target": {
"file": "x-pack/plugin/inference/src/test/java/org/elasticsearch/xpack/inference/services/jinaai/request/JinaAIEmbeddingsRequestEntityTests.java",
"function": "testXContent_WritesAllFields_WhenTheyAreDefined"
}
},
{
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/elastic/elasticsearch/commit/d8972a71dbbd64ff17f2f4dba9ca2c3fe09fb100",
"digest": {
"function_hash": "282525061750380940968849706458734405884",
"length": 583.0
},
"id": "CVE-2025-68385-af2fea9c",
"deprecated": false,
"target": {
"file": "x-pack/plugin/inference/src/test/java/org/elasticsearch/xpack/inference/services/jinaai/embeddings/JinaAIEmbeddingsServiceSettingsTests.java",
"function": "testToXContent_WritesAllValues"
}
},
{
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/elastic/elasticsearch/commit/d8972a71dbbd64ff17f2f4dba9ca2c3fe09fb100",
"digest": {
"function_hash": "105421263735490159334140829804738128977",
"length": 1834.0
},
"id": "CVE-2025-68385-b379dc46",
"deprecated": false,
"target": {
"file": "x-pack/plugin/inference/src/test/java/org/elasticsearch/xpack/inference/services/jinaai/JinaAIServiceTests.java",
"function": "testInfer_Embedding_Get_Response_clustering"
}
},
{
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/elastic/elasticsearch/commit/d8972a71dbbd64ff17f2f4dba9ca2c3fe09fb100",
"digest": {
"line_hashes": [
"56055951291300555647195065559131698026",
"31895647983710858544085833070262470863",
"148363760337767783599103747028795811900",
"271859983555182216112478595726761493269"
],
"threshold": 0.9
},
"id": "CVE-2025-68385-b5690f46",
"deprecated": false,
"target": {
"file": "x-pack/plugin/inference/src/main/java/org/elasticsearch/xpack/inference/services/ServiceFields.java"
}
},
{
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/elastic/elasticsearch/commit/d8972a71dbbd64ff17f2f4dba9ca2c3fe09fb100",
"digest": {
"function_hash": "274313579321826774240477621701856601509",
"length": 429.0
},
"id": "CVE-2025-68385-b8cfd504",
"deprecated": false,
"target": {
"file": "x-pack/plugin/inference/src/main/java/org/elasticsearch/xpack/inference/services/jinaai/request/JinaAIEmbeddingsRequest.java",
"function": "JinaAIEmbeddingsRequest"
}
},
{
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/elastic/elasticsearch/commit/d8972a71dbbd64ff17f2f4dba9ca2c3fe09fb100",
"digest": {
"function_hash": "124546654311834030146027571165361806209",
"length": 334.0
},
"id": "CVE-2025-68385-bdaefaaa",
"deprecated": false,
"target": {
"file": "x-pack/plugin/inference/src/main/java/org/elasticsearch/xpack/inference/services/jinaai/request/JinaAIEmbeddingsRequest.java",
"function": "createHttpRequest"
}
},
{
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/elastic/elasticsearch/commit/d8972a71dbbd64ff17f2f4dba9ca2c3fe09fb100",
"digest": {
"function_hash": "34840557437121018695596610899161045546",
"length": 325.0
},
"id": "CVE-2025-68385-ceaff4dd",
"deprecated": false,
"target": {
"file": "x-pack/plugin/inference/src/test/java/org/elasticsearch/xpack/inference/services/jinaai/embeddings/JinaAIEmbeddingsServiceSettingsTests.java",
"function": "createRandom"
}
},
{
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/elastic/elasticsearch/commit/d8972a71dbbd64ff17f2f4dba9ca2c3fe09fb100",
"digest": {
"line_hashes": [
"245898492704202781618243817569218326306",
"67501833343761097246479344809107928250",
"26191619696931729812527222681084604534",
"145682395364136656499709819849458694737",
"226084443725593453679436346653971184885",
"40097836634950921022271985002222587778",
"29416049481037945238355352715557208271",
"181682285515702201331080987817157267977",
"145012762643848207994887481636772193453",
"187962925880899513420005542897429230759",
"232705399138541613594390365215748785190",
"312825094038560970703990294043884266525",
"52291326828319158770543641835867089021",
"280112493475785221155870671772637974808",
"164902654593272460174121317036657908289",
"322844889152663140220908409881417476031",
"65999004064403769837776147044478686331",
"185585218325157512391781255800255450267",
"46911925383538925424005918961845659131",
"211692363648053564002365092475720080210",
"335776195669013452736401408304360991276",
"220876474561492263493350770502581668985",
"159439947955040784487771208452491351221",
"179677517187493556071822530271186708638",
"31941094306236976574042450597084512213",
"289357168679174903926015097759128316654",
"328715631896943847950883094539443147847",
"95609287121417597208418946651370045234",
"51814575944579382171304755450915244872",
"242664718316107896184136713910177619046",
"296061669192371484975249312682297353510",
"226751503787199066972878820689646476962",
"215346384781983746537990056316469625568",
"7640729708516867395148930048929147840",
"53729953946877461246582578251340156681",
"76537675166448261816504589855750855244",
"269888053111036272156442325059808115241",
"336597859882897537201190432740706394935",
"224790503366592533324375442757419776955",
"277063495809606674015018183214906933742",
"122235362605737267859545847759865129444",
"48912692956177129561465890886869235051",
"85017557119980232021851932115070772383",
"288812629964638583016938874778656862716",
"30972905987957106410520797798390416712",
"134463505031037795433239452021466001821",
"19996663070283599200211602792788086762",
"335776195669013452736401408304360991276",
"220876474561492263493350770502581668985",
"159439947955040784487771208452491351221",
"179677517187493556071822530271186708638",
"31941094306236976574042450597084512213",
"289357168679174903926015097759128316654",
"328715631896943847950883094539443147847",
"95609287121417597208418946651370045234",
"51814575944579382171304755450915244872",
"242664718316107896184136713910177619046",
"296061669192371484975249312682297353510",
"226751503787199066972878820689646476962",
"215346384781983746537990056316469625568",
"7640729708516867395148930048929147840",
"53729953946877461246582578251340156681",
"122235362605737267859545847759865129444",
"48912692956177129561465890886869235051",
"85017557119980232021851932115070772383",
"288812629964638583016938874778656862716",
"30972905987957106410520797798390416712",
"134463505031037795433239452021466001821",
"80271779898698344895594917315372060961",
"335776195669013452736401408304360991276",
"220876474561492263493350770502581668985",
"159439947955040784487771208452491351221",
"179677517187493556071822530271186708638",
"31941094306236976574042450597084512213",
"289357168679174903926015097759128316654",
"328715631896943847950883094539443147847",
"95609287121417597208418946651370045234",
"51814575944579382171304755450915244872",
"242664718316107896184136713910177619046",
"296061669192371484975249312682297353510",
"226751503787199066972878820689646476962",
"215346384781983746537990056316469625568",
"7640729708516867395148930048929147840",
"85145320776950494801108704300045943515",
"284905105820524093865999316402513523952",
"136741729865535891519410493891040532564",
"59159587399901324709142631071398177404",
"262908286439473994174673202005696124792",
"122235362605737267859545847759865129444",
"48912692956177129561465890886869235051",
"140641629841432923807536943481418684467",
"320911360149692961973763750575565031666",
"25074197896641557705826368433814872840",
"7351135797566873187319571241692280056",
"188373934987799547917183847069626619367",
"61094120417172750989065306447476705845",
"155476135263214783854223039752703879369",
"333932944688135900522164044592878664045",
"181732758574684536721878140123590297175",
"310860754229538008967819277067252162814",
"199070996465928241262453666414725439777",
"19694684354014330641318361351941584380",
"149136882624437089869991061650385674813",
"2310446890352259611492936786250939709",
"258495450200792055851360773066289416706",
"163186776007756957916698622631396257351",
"291885799359291759686415681667693073073",
"126062140384578861867796884968974159956",
"61286183738465547780591502602795152136",
"62001025233197093342975779244224208590",
"217625182877297124065953300365229653278",
"211627409500726182037869042088134100102",
"101172684010617470225525387838317285859",
"140318678196321665462451218231869947992",
"249497544240103695680788369641400073137",
"274274876441679809274875754587801017181",
"118315009138561288890341995738634610554",
"168334787347261624066305920605999942451",
"179110554008951619556370204206878658095",
"146608108943576791888980472840740789855",
"240827305458898630861316382311961094773",
"297159238256348135912182776668475340348",
"14739047505768292038850979512558830412",
"126970201836207986043211417472893549508",
"91077909518311884057118522451739580164",
"235912301376783121401375065980776585341",
"224574835077487185131158982972914949118",
"326746675284992649918384697694253697529",
"332974863104103526518224877352026621649",
"169866392518049748644198932197369607357",
"36806685324209057723003813010923841710",
"191224529664944558551418620881736741554",
"306410788858431264842484333665788535320",
"118698775179663288924362200515850256469",
"227073114576964971703197271023140195803",
"68243160563552747591329245588719103410"
],
"threshold": 0.9
},
"id": "CVE-2025-68385-d39fa20d",
"deprecated": false,
"target": {
"file": "x-pack/plugin/inference/src/test/java/org/elasticsearch/xpack/inference/services/jinaai/embeddings/JinaAIEmbeddingsServiceSettingsTests.java"
}
},
{
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/elastic/elasticsearch/commit/d8972a71dbbd64ff17f2f4dba9ca2c3fe09fb100",
"digest": {
"function_hash": "186124863076148009793709372539647685549",
"length": 2249.0
},
"id": "CVE-2025-68385-e15c3a81",
"deprecated": false,
"target": {
"file": "x-pack/plugin/inference/src/test/java/org/elasticsearch/xpack/inference/services/jinaai/JinaAIServiceTests.java",
"function": "testInfer_Embedding_DoesNotSetInputType_WhenNotPresentInTaskSettings_AndUnspecifiedIsPassedInRequest"
}
},
{
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/elastic/elasticsearch/commit/f60dd5fdef48c4b6cf97721154cd49b3b4794fb0",
"digest": {
"line_hashes": [
"35308104646925593422797425754370691903",
"305064702061835088979702429131580923084",
"85843254806226700035260888561335619158",
"60079007924553349940581118979270624908",
"188733035935134607917526267132093491593",
"134130522338909018824882908608939301094"
],
"threshold": 0.9
},
"id": "CVE-2025-68385-e904b954",
"deprecated": false,
"target": {
"file": "x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/role/RoleDescriptorRequestValidatorTests.java"
}
},
{
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/elastic/elasticsearch/commit/d8972a71dbbd64ff17f2f4dba9ca2c3fe09fb100",
"digest": {
"function_hash": "154490146273110553648725158549465780145",
"length": 128.0
},
"id": "CVE-2025-68385-f24e3e1b",
"deprecated": false,
"target": {
"file": "x-pack/plugin/inference/src/main/java/org/elasticsearch/xpack/inference/services/jinaai/embeddings/JinaAIEmbeddingsServiceSettings.java",
"function": "hashCode"
}
},
{
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/elastic/elasticsearch/commit/d8972a71dbbd64ff17f2f4dba9ca2c3fe09fb100",
"digest": {
"line_hashes": [
"146452903949046522628390950213932550935",
"30227069040256398302153363043466492991",
"100787586181389901268155990987363297779",
"242630934890501956135797046143020284142",
"313125651941613159380166234020608557273",
"212870786764646833340973495617680281690",
"19553436720981837013102260218527376871",
"221176751070901684476406570453469073461",
"313924776533525546041875366400334768563",
"161819772300969004172157633074579150735",
"315873186225952074453677218645955825997",
"219653081951843104126162973077669313656",
"75003831783166629268295007171289892700",
"306787997449289907201126513660580252572",
"300441511467298516400958077544674327243",
"231815086121700365054730252576580464301",
"170781339265398807724894840861804758769",
"212164113370912752499838498594084660336",
"323835506693502494538444630794323541778",
"56128689798728979398625151986875039504",
"334659403230834910753730050397985264842",
"247802792689403760709974231997007943992",
"275047780996518983033035462264238172621",
"104815463047252670154704483704232057717",
"260555864609583658992206739034159910948",
"263442180997142261924593004983871871654",
"54677799866999567864389098586465849917",
"137161929415449276794025473809269784106",
"146452903949046522628390950213932550935",
"30227069040256398302153363043466492991",
"100787586181389901268155990987363297779",
"242630934890501956135797046143020284142",
"313125651941613159380166234020608557273",
"212870786764646833340973495617680281690",
"19553436720981837013102260218527376871",
"221176751070901684476406570453469073461",
"313924776533525546041875366400334768563",
"161819772300969004172157633074579150735",
"315873186225952074453677218645955825997",
"219653081951843104126162973077669313656",
"75003831783166629268295007171289892700",
"306787997449289907201126513660580252572",
"300441511467298516400958077544674327243",
"231815086121700365054730252576580464301",
"170781339265398807724894840861804758769",
"212164113370912752499838498594084660336",
"323835506693502494538444630794323541778",
"195637658707801103550109357384724342434",
"334659403230834910753730050397985264842",
"247802792689403760709974231997007943992",
"275047780996518983033035462264238172621",
"104815463047252670154704483704232057717",
"299588329652651049516896290150413668959",
"294969941909998751663109253587553649217",
"118126820670761490563588109141216453004",
"298128373591304921830932162735842423019",
"55171269921958261246621914376231166578",
"30227069040256398302153363043466492991",
"100787586181389901268155990987363297779",
"242630934890501956135797046143020284142",
"313125651941613159380166234020608557273",
"212870786764646833340973495617680281690",
"19553436720981837013102260218527376871",
"221176751070901684476406570453469073461",
"313924776533525546041875366400334768563",
"161819772300969004172157633074579150735",
"315873186225952074453677218645955825997",
"219653081951843104126162973077669313656",
"75003831783166629268295007171289892700",
"306787997449289907201126513660580252572",
"300441511467298516400958077544674327243",
"231815086121700365054730252576580464301",
"170781339265398807724894840861804758769",
"212164113370912752499838498594084660336",
"323835506693502494538444630794323541778",
"169416315466844931830526532952752837107",
"334659403230834910753730050397985264842",
"247802792689403760709974231997007943992",
"275047780996518983033035462264238172621",
"104815463047252670154704483704232057717",
"258226413768051029460439781779297839984",
"336120844115846812811875970432902372217",
"239492037624756144515691335557349979399",
"275575017323579234958778553259513144662",
"146452903949046522628390950213932550935",
"30227069040256398302153363043466492991",
"100787586181389901268155990987363297779",
"242630934890501956135797046143020284142",
"313125651941613159380166234020608557273",
"212870786764646833340973495617680281690",
"19553436720981837013102260218527376871",
"221176751070901684476406570453469073461",
"313924776533525546041875366400334768563",
"161819772300969004172157633074579150735",
"315873186225952074453677218645955825997",
"219653081951843104126162973077669313656",
"75003831783166629268295007171289892700",
"306787997449289907201126513660580252572",
"300441511467298516400958077544674327243",
"231815086121700365054730252576580464301",
"170781339265398807724894840861804758769",
"212164113370912752499838498594084660336",
"323835506693502494538444630794323541778",
"149859053293726844493531575519161774422",
"330812949122326377935915809686746653381",
"10046801161983008800079867361981437667",
"196689000339429863595127989938109881291",
"14311492926161998778710266889464189092",
"255295375054195270437697734342830007276",
"264491412895815052393112851011137356197",
"334659403230834910753730050397985264842",
"247802792689403760709974231997007943992",
"68106594187354895077261141719419292299",
"222871446188504643616461929179556026072",
"144316229846353499159410579280821050942",
"94815472593464642737885989807617398612",
"146452903949046522628390950213932550935",
"30227069040256398302153363043466492991",
"100787586181389901268155990987363297779",
"239726232307382229325482141545799284646",
"63556435140317472537036013807576877081",
"216499198011086248550253799457320165454",
"327919045427870687879744350081675660002",
"221176751070901684476406570453469073461",
"313924776533525546041875366400334768563",
"161819772300969004172157633074579150735",
"315873186225952074453677218645955825997",
"219653081951843104126162973077669313656",
"75003831783166629268295007171289892700",
"306787997449289907201126513660580252572",
"300441511467298516400958077544674327243",
"231815086121700365054730252576580464301",
"170781339265398807724894840861804758769",
"212164113370912752499838498594084660336",
"323835506693502494538444630794323541778",
"233340868164175417955805043975170401444",
"334659403230834910753730050397985264842",
"247802792689403760709974231997007943992",
"68106594187354895077261141719419292299",
"222871446188504643616461929179556026072",
"144316229846353499159410579280821050942",
"238074392894039322795168224791690116867",
"255477396120924655515653653844558239898",
"131523041973053567984726867308381717683",
"142234925899764581700489641618464276516",
"10831111852139105674583754580813952978"
],
"threshold": 0.9
},
"id": "CVE-2025-68385-fc3bb16b",
"deprecated": false,
"target": {
"file": "x-pack/plugin/inference/src/test/java/org/elasticsearch/xpack/inference/services/jinaai/JinaAIServiceTests.java"
}
}
]