Impact of CVE-2025-46295

Max-KI (Max Wenzel) January 8, 2026, 2:40pm 1

CVE-2025-46295

I just downloaded elastic-9.2.3 for Windows. Our security scanner is flagging it because commons-text-1.4.jar is found in the directory elasticsearch-9.2.3\modules\x-pack-inference, and CVE-2025-46295 has not been fixed in this version. Is this a problem, or can we ignore it?

Topic		Replies	Views
Impact of CVE-2022-42889 on Elastic stack Elasticsearch	5	2430	November 21, 2022
Vulnerability (CVE-2022-42889) Apache Commons Text Elasticsearch	2	902	October 19, 2022
CVE-2025-66516 Elastic Security	4	235	December 17, 2025
JRE 24 vulnerability Elasticsearch	2	205	August 13, 2025
CVEs present in the latest version Elasticsearch	2	523	June 6, 2023

Impact of CVE-2025-46295

CVE-2025-46295

Related topics