Security Alerts

Severity Level: Critical

Title: Critical Vulnerability in Kibana

Summary:

A prototype pollution vulnerability in Kibana (CVE-2025-25014, CVSS 9.1) allows remote attackers to achieve arbitrary code execution by sending crafted HTTP requests to the Machine Learning and Reporting endpoints. Self-hosted and Elastic Cloud deployments are affected when these features are enabled. Fixes are available in Kibana 8.17.6, 8.18.1 and 9.0.1.

Vulnerability Details:

• CVE-2025-25014

• CVSS Score: 9.1 Critical

• A prototype pollution vulnerability exists in Kibana. This flaw allows remote attackers to execute arbitrary code on affected Kibana instances by sending specially crafted HTTP requests to the Machine Learning and Reporting endpoints. Prototype pollution in a JavaScript application such as Kibana arises when untrusted input (typically a JSON body carrying keys such as `__proto__` or `constructor`) is merged into an object without filtering those keys, so that attacker-controlled properties land on `Object.prototype` and become visible to every object in the process. Both self-hosted and Elastic Cloud deployments are affected if these features are enabled; Machine Learning and Reporting are standard Kibana features, so assume exposure unless they have been explicitly disabled.

• Successful exploitation allows unauthenticated attackers to manipulate JavaScript object prototypes, overriding application logic and escalating to remote code execution on the Kibana host. This poses a severe risk to environments that process sensitive telemetry and analytics data, since a compromised Kibana instance typically holds credentials for the Elasticsearch cluster behind it.
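The mechanism described above, as an added JavaScript illustration of the bug class. This is not Kibana's code and does not reproduce the actual vulnerable code path: it shows a recursive merge of an untrusted JSON body into an options object, how a crafted `__proto__` key in that body writes onto `Object.prototype`, how an unrelated lookup then picks up the attacker's value, and a hardened merge that refuses prototype-bearing keys. The request body, `unsafeMerge`, `safeMerge`, `readOption` and the demo functions are all constructed for this example.

```javascript
// Added illustration of the bug class (not Kibana's code): a request handler
// that recursively merges an untrusted JSON body into an options object.

// Vulnerable merge: walks every key of `src`, recursing into nested objects.
// When `src` carries an own property literally named "__proto__", reading
// `dst["__proto__"]` on a plain object yields Object.prototype, so the
// recursion writes the attacker's nested keys onto the prototype shared by
// every object in the process.
function unsafeMerge(dst, src) {
  for (const key in src) {
    const value = src[key];
    if (value !== null && typeof value === 'object') {
      if (dst[key] === undefined) dst[key] = {};
      unsafeMerge(dst[key], value);
    } else {
      dst[key] = value;
    }
  }
  return dst;
}

// Hardened merge: copy own keys only, refuse the prototype-bearing names, and
// build nested targets as null-prototype objects so there is no prototype to
// reach even if a check is bypassed.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function safeMerge(dst, src) {
  for (const key of Object.keys(src)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = src[key];
    if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
      const existing = Object.prototype.hasOwnProperty.call(dst, key) ? dst[key] : undefined;
      if (existing === null || typeof existing !== 'object') dst[key] = Object.create(null);
      safeMerge(dst[key], value);
    } else {
      dst[key] = value;
    }
  }
  return dst;
}

// Typical application code downstream of the merge: `cfg[name]` walks the
// prototype chain, so a polluted Object.prototype supplies a value the caller
// never set. This is the kind of "gadget" that turns pollution into a change
// of application logic (here, which shell a hypothetical job runner would use).
function readOption(cfg, name, fallback) {
  return cfg[name] !== undefined ? cfg[name] : fallback;
}

// Constructed attacker body. JSON.parse creates an *own* property named
// "__proto__" (it does not set the prototype), which is exactly what the
// unsafe merge then mishandles.
const ATTACKER_BODY_JSON =
  '{"jobId":"demo","__proto__":{"shell":"/bin/sh","isAdmin":true}}';

function demoVulnerable() {
  const options = unsafeMerge({}, JSON.parse(ATTACKER_BODY_JSON));
  const probe = {};                         // an unrelated object, never merged into
  const observed = {
    jobId: options.jobId,
    probeSeesShell: probe.shell === '/bin/sh',
    probeIsAdmin: probe.isAdmin === true,
    resolvedShell: readOption({}, 'shell', '/bin/bash'),
  };
  // Undo the pollution so the rest of the process is unaffected.
  delete Object.prototype.shell;
  delete Object.prototype.isAdmin;
  return observed;
}

function demoHardened() {
  const options = safeMerge(Object.create(null), JSON.parse(ATTACKER_BODY_JSON));
  const probe = {};
  return {
    jobId: options.jobId,
    mergedKeys: Object.keys(options),
    probeSeesShell: probe.shell === '/bin/sh',
    probeIsAdmin: probe.isAdmin === true,
    resolvedShell: readOption({}, 'shell', '/bin/bash'),
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log('vulnerable merge:', demoVulnerable());
  console.log('hardened merge:  ', demoHardened());
}
```

With the vulnerable merge, an object that was never touched by the request (`probe`) reports `shell === '/bin/sh'`, and `readOption` returns the attacker's value instead of its default; with the hardened merge only `jobId` survives. The real escalation to code execution depends on which gadget the polluted property reaches, which is specific to the application and not shown here.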

Affected Versions:

• Kibana 8.3.0 – 8.17.5

• Kibana 8.18.0

• Kibana 9.0.0

Fixed Versions:

• Kibana 8.17.6, 8.18.1, or 9.0.1 (the fix for each affected release line)
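To check a fleet of Kibana instances against the version lists above, here is an added JavaScript helper (not Elastic tooling). It encodes the affected ranges and the fixed release for each line, and reads `version.number` from the JSON that Kibana's `GET /api/status` endpoint returns. The status documents embedded below are constructed, and `AFFECTED_RANGES`, `assessVersion`, `assessStatusDocument` and `assessFleet` are names chosen for this example. Whether `/api/status` answers without credentials depends on the deployment's configuration.

```javascript
// Added helper (not Elastic tooling): classify a Kibana version against the
// affected and fixed ranges in this alert.

// Each entry is an inclusive [from, to] range of affected versions and the
// fixed release for that line, as listed above.
const AFFECTED_RANGES = [
  { from: [8, 3, 0], to: [8, 17, 5], fixed: '8.17.6' },
  { from: [8, 18, 0], to: [8, 18, 0], fixed: '8.18.1' },
  { from: [9, 0, 0], to: [9, 0, 0], fixed: '9.0.1' },
];

// Accepts "8.17.5" and tolerates a suffix such as "8.17.5-SNAPSHOT".
function parseVersion(text) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(text).trim());
  if (!m) throw new Error(`unrecognised Kibana version: ${text}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Returns { version, affected, upgradeTo }. Versions outside every listed
// range (for example 8.2.x, 8.17.6 or 9.0.1) are reported as not affected.
function assessVersion(text) {
  const v = parseVersion(text);
  for (const r of AFFECTED_RANGES) {
    if (compareVersions(v, r.from) >= 0 && compareVersions(v, r.to) <= 0) {
      return { version: v.join('.'), affected: true, upgradeTo: r.fixed };
    }
  }
  return { version: v.join('.'), affected: false, upgradeTo: null };
}

// Kibana's GET /api/status response carries the running version under
// version.number; this reads that field from the raw JSON text.
function assessStatusDocument(jsonText) {
  const doc = JSON.parse(jsonText);
  const number = doc && doc.version && doc.version.number;
  if (typeof number !== 'string') throw new Error('status document has no version.number');
  return assessVersion(number);
}

// Constructed sample documents (shape of /api/status, values invented).
const SAMPLE_STATUS = {
  exposed: '{"name":"kibana-a","version":{"number":"8.17.5","build_snapshot":false}}',
  patched: '{"name":"kibana-b","version":{"number":"8.17.6","build_snapshot":false}}',
  ninePointZero: '{"name":"kibana-c","version":{"number":"9.0.0","build_snapshot":false}}',
  malformed: '{"name":"kibana-d","status":{"overall":{"level":"available"}}}',
};

// Runs the check over a map of host -> status JSON, recording parse failures
// per host instead of aborting the whole sweep.
function assessFleet(statusDocs) {
  const report = {};
  for (const [host, json] of Object.entries(statusDocs)) {
    try {
      report[host] = assessStatusDocument(json);
    } catch (err) {
      report[host] = { error: err.message };
    }
  }
  return report;
}

if (typeof require !== 'undefined' && require.main === module) {
  console.table(assessFleet(SAMPLE_STATUS));
}
```

A version that is not in any listed range is reported as not affected; that covers patched releases and versions older than 8.3.0 alike, so the report should be read together with the alert's affected list rather than as a general support-status check.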

Recommendations:

We recommend upgrading affected deployments to Kibana 8.17.6, 8.18.1 or 9.0.1, or to the latest release in the corresponding line, as published by Elastic. This applies to Elastic Cloud deployments as well as self-hosted ones. Where an immediate upgrade is not possible, reduce the exposed attack surface until the patch is applied, for example by disabling Machine Learning in Kibana (`xpack.ml.enabled: false` in kibana.yml) and by restricting network access to the Kibana HTTP endpoint; confirm any such workaround against the vendor advisory before relying on it. After patching, review Kibana's access logs for unexpected requests to the Machine Learning and Reporting API paths from the period in which the instance was exposed.

References:

• CVE-2025-25014