APM Server (Windows Installer) 8.16.3, 8.17.1 Security Update (ESA-2025-01)

Bryan_Garcia · July 29, 2025, 11:30pm

APM Server Uncontrolled Search Path Element can lead to Local Privilege Escalation (LPE) when using the Windows Installer (ESA-2025-01)

An uncontrolled search path element vulnerability can lead to local privilege Escalation (LPE) via Insecure Directory Permissions. The vulnerability arises from improper handling of directory permissions. An attacker with local access may exploit this flaw to move and delete arbitrary files, potentially gaining SYSTEM privileges.

Affected Versions:

APM Server version up to and including 8.16.2, and up to and including 8.17.0.

Affected Configurations:

The issue only affects APM Server when installed through the install-service script for Windows.

Solutions and Mitigations:

The issue is resolved in version 8.16.3 and 8.17.1.

Severity: CVSSv3.1: 7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE ID: CVE-2025-0712

________________________________________________________________________________________________

Change log

2025-08-21: Updated wording on the “Affected Configurations” to clearly state this is caused by the Windows install script.

Topic		Replies	Views
APM Java Agent Security Update Security Announcements	1	8841	November 4, 2022
Beats (Windows Installer) 8.18.6, 8.19.3, 9.0.6, & 9.1.0 Security Update (ESA-2025-12) Security Announcements	0	2113	July 29, 2025
APM Java Agent Security Update Security Announcements	1	9678	November 4, 2022
APM Server 8.16.1 Security Update (ESA-2024-41) Security Announcements	0	671	May 1, 2025
Run APM in local APM server	1	172	June 5, 2025