CVE-2025-25015
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-03-05

Last updated on: 2025-10-02

Assigner: Elastic

Description
Prototype pollution in Kibana leads to arbitrary code execution via a crafted file upload and specifically crafted HTTP requests. In Kibana versions >= 8.15.0 and < 8.17.1, this is exploitable by users with the Viewer role. In Kibana versions 8.17.1 and 8.17.2 , this is only exploitable by users that have roles that contain all the following privileges: fleet-all, integrations-all, actions:execute-advanced-connectors
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-03-05
Last Modified
2025-10-02
Generated
2026-06-22
AI Q&A
2025-03-05
EPSS Evaluated
2026-06-21
NVD
CVE-2025-25015
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
elastic kibana From 8.15.0 (inc) to 8.16.6 (exc)
elastic kibana From 8.17.0 (inc) to 8.17.3 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1321 The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

The vulnerability can lead to arbitrary code execution, which means an attacker could potentially execute malicious code on your system. This could compromise the integrity, confidentiality, and availability of your data and systems, leading to severe security breaches, data loss, or unauthorized access to sensitive information.

Executive Summary

CVE-2025-25015 is a prototype pollution vulnerability in Kibana that allows for arbitrary code execution through crafted file uploads and specifically crafted HTTP requests. It affects Kibana versions >= 8.15.0 and < 8.17.1, where users with the Viewer role can exploit it. In versions 8.17.1 and 8.17.2, exploitation is limited to users with roles that have specific privileges, including fleet-all, integrations-all, and actions:execute-advanced-connectors.

Compliance Impact

This vulnerability could significantly impact compliance with standards like GDPR and HIPAA, as it poses risks to data security and privacy. Arbitrary code execution could lead to unauthorized access to personal data or sensitive health information, resulting in potential data breaches. Such incidents could lead to non-compliance penalties, legal liabilities, and damage to reputation.

Detection Guidance

To detect this vulnerability, you can check the version of Kibana running on your system. Use the following command to check the version: `curl -X GET 'http://<kibana_host>:<port>/api/status'`. If the version is between 8.15.0 and 8.17.1, it is vulnerable. Additionally, you can look for any unusual HTTP requests or file uploads that may indicate exploitation attempts.

Mitigation Strategies

To mitigate this vulnerability, immediately upgrade Kibana to a version that is not affected, such as 8.17.3 or later. Additionally, review user roles and permissions to ensure that only trusted users have access to roles with the necessary privileges. Implement network security measures to restrict access to the Kibana instance.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-25015. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart