CVE-2025-25015
BaseFortify
Publication date: 2025-03-05
Last updated on: 2025-10-02
Assigner: Elastic
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| elastic | kibana | From 8.15.0 (inc) to 8.16.6 (exc) |
| elastic | kibana | From 8.17.0 (inc) to 8.17.3 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1321 | The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype. |
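As an added illustration of the CWE-1321 pattern (example code written for this page, not Kibana's or Elastic's code, and not the specific code path behind CVE-2025-25015): a naive recursive merge copies attacker-controlled JSON into a settings object and, through the `__proto__` key, writes onto `Object.prototype`; the hardened version rejects prototype-related keys before touching the target and only descends into properties the target itself owns. The payload string is constructed for the demonstration.

```javascript
// Added example of CWE-1321 (prototype pollution). Not Kibana code: it shows the
// general pattern, not the specific code path behind CVE-2025-25015.

const isObj = (v) => v !== null && typeof v === 'object';

// Vulnerable: recursively copies every enumerable key of attacker-controlled input.
// For the key "__proto__", target[key] evaluates to Object.prototype, so the recursion
// writes the attacker's attributes onto the prototype shared by every plain object.
function unsafeMerge(target, source) {
  for (const key in source) {
    const value = source[key];
    if (isObj(value) && isObj(target[key])) {
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened: validate the whole input first, then merge using own keys only.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function assertNoPrototypeKeys(value, path = '$') {
  if (!isObj(value)) return;
  for (const key of Object.keys(value)) {
    if (FORBIDDEN_KEYS.has(key)) {
      throw new Error(`refusing prototype-related key at ${path}.${key}`);
    }
    assertNoPrototypeKeys(value[key], `${path}.${key}`);
  }
}

function mergeOwn(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    const targetOwnsObj =
      Object.prototype.hasOwnProperty.call(target, key) && isObj(target[key]);
    if (isObj(value) && targetOwnsObj) {
      mergeOwn(target[key], value); // never walks into inherited properties
    } else {
      target[key] = value;
    }
  }
  return target;
}

function safeMerge(target, source) {
  assertNoPrototypeKeys(source); // reject before mutating anything
  return mergeOwn(target, source);
}

// Constructed attacker input, e.g. the body of a crafted request or an uploaded JSON file.
const PAYLOAD = '{"name":"demo","__proto__":{"isAdmin":true}}';

// Runs one merge implementation against the payload and reports whether an unrelated
// object created afterwards inherits the attacker's attribute. Deletes the polluted
// property afterwards so the demonstration does not poison the rest of the process.
function demonstrate(mergeFn) {
  const settings = { name: 'default' };
  let rejected = false;
  try {
    mergeFn(settings, JSON.parse(PAYLOAD));
  } catch (e) {
    rejected = true;
  }
  const unrelated = {};
  const leaked = unrelated.isAdmin === true;
  delete Object.prototype.isAdmin;
  return { rejected, leaked, name: settings.name };
}

console.log('unsafeMerge:', demonstrate(unsafeMerge)); // leaked: true
console.log('safeMerge:  ', demonstrate(safeMerge));   // rejected: true, leaked: false
```

The `leaked` flag is the point: after the unsafe merge, an object that never saw the attacker's input reports `isAdmin === true`, which is how a pollution primitive turns into authorisation bypass or, where a polluted attribute later reaches code-generating or process-spawning logic, code execution. Rejecting the key is preferable to silently skipping it, because an attempt to set `__proto__` from user input is itself a signal worth logging.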
AI Powered Q&A
How can this vulnerability impact me?
Successful exploitation gives an attacker arbitrary code execution on the Kibana server, with the privileges of the Kibana process. From there the attacker can read or alter any data Kibana can reach, including Elasticsearch data accessible with Kibana's own credentials, pivot further into the environment, or disrupt the service, so confidentiality, integrity and availability are all at stake.
Can you explain this vulnerability to me?
CVE-2025-25015 is a prototype pollution (CWE-1321) vulnerability in Kibana: a crafted file upload combined with specifically crafted HTTP requests lets an attacker pollute the object prototype and escalate that to arbitrary code execution on the Kibana server. In Kibana versions >= 8.15.0 and < 8.17.1 any user holding the Viewer role can exploit it. In 8.17.1 and 8.17.2 exploitation is limited to users whose roles carry all of the fleet-all, integrations-all and actions:execute-advanced-connectors privileges. The issue is fixed in 8.17.3.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability could significantly impact compliance with standards like GDPR and HIPAA, as it poses risks to data security and privacy. Arbitrary code execution could lead to unauthorized access to personal data or sensitive health information, resulting in potential data breaches. Such incidents could lead to non-compliance penalties, legal liabilities, and damage to reputation.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Query the Kibana status API and read the reported version: `curl -s -u <user>:<password> 'http://<kibana_host>:<port>/api/status'` returns JSON whose `version.number` field holds the running version (the endpoint requires authentication unless `status.allowAnonymous` is enabled). Compare it against the affected ranges listed above: 8.15.0 up to but not including 8.16.6, and 8.17.0 up to but not including 8.17.3. Note that 8.17.1 and 8.17.2 are still affected, only with the higher privilege requirement described above, so a host is clear only on 8.17.3 or later (or 8.16.6 or later on the 8.16 branch). For signs of exploitation, review Kibana and reverse-proxy access logs for unexpected file uploads or unusual request bodies from low-privilege accounts, particularly accounts holding only the Viewer role.
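The version comparison above, as an added example (written for this page, not Elastic's or Kibana's code): it parses the `version.number` field of a `/api/status` response, checks it against the affected ranges from the table on this page, and reports whether a Viewer or only a privileged user could exploit that version. The HTTP request is left out so the check runs offline; `SAMPLE_STATUS` is a constructed response body, and real responses carry more fields than shown.

```javascript
// Added example (not Elastic's or Kibana's code): compare the version reported by
// GET /api/status against the affected ranges listed on this page.

// Affected ranges from the table on this page: lower bound inclusive, upper exclusive.
const AFFECTED_RANGES = [
  { from: '8.15.0', before: '8.16.6' },
  { from: '8.17.0', before: '8.17.3' },
];

// From 8.17.1 onward the bug needs fleet-all, integrations-all and
// actions:execute-advanced-connectors; below that, any Viewer can exploit it.
const PRIVILEGED_ONLY_FROM = '8.17.1';

function parseVersion(v) {
  // Kibana reports strings like "8.17.2"; a "-SNAPSHOT" style suffix is ignored.
  const m = /^(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$/.exec(v.trim());
  if (!m) throw new Error(`unrecognised version string: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Numeric major.minor.patch comparison; string comparison would put 8.9 after 8.17.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

function isAffected(version) {
  return AFFECTED_RANGES.some(
    (r) => compareVersions(version, r.from) >= 0 && compareVersions(version, r.before) < 0,
  );
}

// Returns 'none', 'viewer' (any Viewer can exploit) or 'privileged' (8.17.1/8.17.2).
function exposure(version) {
  if (!isAffected(version)) return 'none';
  return compareVersions(version, PRIVILEGED_ONLY_FROM) < 0 ? 'viewer' : 'privileged';
}

// Pulls version.number out of a /api/status response body.
function versionFromStatus(body) {
  const status = JSON.parse(body);
  const number = status && status.version && status.version.number;
  if (typeof number !== 'string') throw new Error('no version.number in status response');
  return number;
}

function assess(body) {
  const version = versionFromStatus(body);
  return { version, affected: isAffected(version), exposure: exposure(version) };
}

// Constructed sample: the relevant slice of a status response (other fields omitted).
const SAMPLE_STATUS = JSON.stringify({
  name: 'kibana-1',
  version: { number: '8.17.2', build_hash: '0000000', build_snapshot: false },
});

console.log(assess(SAMPLE_STATUS)); // { version: '8.17.2', affected: true, exposure: 'privileged' }
```

To run it against a live instance, save the body of the authenticated `curl` call shown above and pass it to `assess()` in place of `SAMPLE_STATUS`. Any `exposure` other than `'none'` means the host needs patching; `'viewer'` means role hygiene cannot be relied on at all.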
What immediate steps should I take to mitigate this vulnerability?
Upgrade Kibana to 8.17.3 or later (the table above also lists 8.16.6 as the first unaffected release on the 8.16 branch). Where an upgrade cannot happen immediately, Elastic's advisory documents disabling the affected feature by setting `xpack.integration_assistant.enabled: false` in kibana.yml as a workaround. On 8.17.1 and 8.17.2, audit which roles carry the fleet-all, integrations-all and actions:execute-advanced-connectors privileges and remove them from accounts that do not need them; on earlier affected versions any Viewer can exploit the bug, so role review alone is not a mitigation there. Restrict network access to the Kibana interface to trusted sources.