CVE-2025-25012
BaseFortify
Publication date: 2025-06-25
Last updated on: 2025-09-30
Assigner: Elastic
Description
CVSS Scores
EPSS Scores
| Metric | Value |
|---|---|
| Probability | |
| Percentile | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| elastic | kibana | From 7.0.0 (inc) to 7.17.29 (exc) |
| elastic | kibana | From 8.0.0 (inc) to 8.17.8 (exc) |
| elastic | kibana | From 8.18.0 (inc) to 8.18.3 (exc) |
| elastic | kibana | From 9.0.0 (inc) to 9.0.3 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-601 | The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-25012 is an Open Redirect vulnerability in Kibana that allows attackers to redirect users to arbitrary, untrusted external websites via specially crafted URLs. Additionally, it can enable server-side request forgery (SSRF) attacks. This issue affects Kibana versions up to 7.17.28, 8.0.0 through 8.17.7, 8.18.0 through 8.18.2, and 9.0.0 through 9.0.2, particularly when using Short URLs in the Discover, Dashboard, and Visualization Library features. [1]
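The CWE-601 pattern behind this entry is a redirect whose target comes from a user-controlled URL parameter. Below is an added example, not Kibana's or Elastic's code, showing the check a web application should apply before redirecting: only a single-slash-rooted path inside the application's own prefix is accepted, and the usual bypasses (absolute URLs, protocol-relative `//host`, backslash variants, `javascript:`, encoded slashes, control characters) are rejected. The `/app` prefix, the origin used for parsing, and the sample targets are assumptions constructed for the example.

```javascript
// Added example (not Kibana's code): validating a user-supplied redirect
// target before using it, the control that CWE-601 describes as missing.

const BASE_PATH = "/app"; // assumption: the application is served under this prefix
const APP_ORIGIN = "https://kibana.internal.example"; // assumption: our own origin

function isSafeRedirectTarget(target) {
  if (typeof target !== "string" || target.length === 0) return false;
  // Must start with exactly one "/": "//evil.example" is protocol-relative and
  // "/\evil.example" is treated the same way by browsers' URL parsers.
  if (!/^\/(?![\/\\])/.test(target)) return false;
  // Reject control characters and whitespace; some parsers silently strip them.
  if (/[\u0000-\u001f\s]/.test(target)) return false;
  // Reject encoded slashes/backslashes that a framework might decode before routing.
  if (/%2f|%5c/i.test(target)) return false;
  // Let the WHATWG URL parser have the final say: after normalisation ("..",
  // backslashes, etc.) the resolved origin must still be ours.
  const parsed = new URL(target, APP_ORIGIN);
  if (parsed.origin !== APP_ORIGIN) return false;
  // Constrain to the application prefix so the redirect cannot leave the app.
  return parsed.pathname === BASE_PATH || parsed.pathname.startsWith(BASE_PATH + "/");
}

// Hardened redirect: an unsafe target falls back to a fixed in-app location
// instead of being echoed into the Location header.
function resolveRedirect(requestedTarget, fallback = BASE_PATH + "/home") {
  return isSafeRedirectTarget(requestedTarget) ? requestedTarget : fallback;
}

// Constructed sample inputs (not from the advisory) with the expected verdict.
const SAMPLES = [
  ["/app/dashboards#/view/abc", true],
  ["/app/discover?_g=()", true],
  ["/app", true],
  ["https://evil.example/phish", false],
  ["//evil.example/phish", false],
  ["/\\evil.example", false],
  ["javascript:alert(1)", false],
  ["/app/%2f%2fevil.example", false],
  ["/app/../other", false],
  ["/other/path", false],
  ["", false],
];

function evaluateSamples() {
  return SAMPLES.map(([target, expected]) => {
    const verdict = isSafeRedirectTarget(target);
    return { target, verdict, ok: verdict === expected };
  });
}

for (const r of evaluateSamples()) {
  console.log(`${r.ok ? "ok  " : "FAIL"} ${JSON.stringify(r.target)} -> ${r.verdict}`);
}
```

The allow-list shape (accept only what parses to our origin under our prefix) is deliberate: deny-lists of bad prefixes are what open-redirect bypasses are built against.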
How can this vulnerability impact me?
This vulnerability can impact you by causing users of Kibana to be redirected to malicious or untrusted external sites without their consent, potentially exposing them to phishing or other attacks. It also allows attackers to perform server-side request forgery (SSRF), which can be used to make unauthorized requests from the Kibana server, potentially leading to further exploitation or information disclosure. The integrity of your Kibana environment could be compromised, although confidentiality and availability are not directly affected. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate CVE-2025-25012, immediately upgrade Kibana to versions 7.17.29, 8.17.8, 8.18.3, or 9.0.3 where the vulnerability is fixed. If upgrading is not possible, restrict access to features that allow Short URL generation. For Basic license users, restrict access to Dashboard, Discover, Visualize, and Saved Objects Management features, especially those with top-level 'All' privileges. For Gold, Platinum, or Enterprise licenses, use sub-feature privileges to prevent Short URL creation while maintaining read/write access. Cloud administrators should similarly restrict Short URL generation capabilities to mitigate risk. [1]
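The interim mitigation above comes down to finding which roles can still create Short URLs and removing that grant without taking away read/write access. The following is an added example, not Elastic's code, that audits role documents in the JSON shape returned by Kibana's `GET /api/security/role` and rewrites them so that Short URL creation is dropped. Assumptions to verify against your Kibana version's privilege documentation before relying on it: the affected features are `discover`, `dashboard` and `visualize`; the Short URL sub-feature privilege is named `url_create`; a feature's top-level `all` privilege and a space-level base `all` privilege include it, while `minimal_all`/`minimal_read` without `url_create` do not; and, as the mitigation text notes, the rewritten sub-feature form is only valid on license tiers that support sub-feature privileges. The sample role documents are constructed for the example.

```javascript
// Added example (not Elastic's code): audit Kibana role documents for grants
// that allow Short URL creation, and strip that grant while keeping read/write.

const SHORT_URL_FEATURES = ["discover", "dashboard", "visualize"]; // assumption
const SHORT_URL_SUBFEATURE = "url_create";                         // assumption

// Returns one {role, space, feature, via} entry per grant that still permits
// Short URL creation. A base "all" on the space grants every feature privilege,
// so it is reported once for the whole entry.
function findShortUrlGrants(roles) {
  const findings = [];
  for (const role of roles) {
    for (const entry of role.kibana || []) {
      const space = (entry.spaces || ["*"]).join(",");
      if ((entry.base || []).includes("all")) {
        findings.push({ role: role.name, space, feature: "*", via: "base:all" });
        continue;
      }
      for (const feature of SHORT_URL_FEATURES) {
        const privs = (entry.feature && entry.feature[feature]) || [];
        if (privs.includes("all")) {
          findings.push({ role: role.name, space, feature, via: "all" });
        } else if (privs.includes(SHORT_URL_SUBFEATURE)) {
          findings.push({ role: role.name, space, feature, via: SHORT_URL_SUBFEATURE });
        }
      }
    }
  }
  return findings;
}

// Rewrites a role so that Short URL creation is removed: "all" on an affected
// feature becomes "minimal_all" (read/write without sub-features) and an
// explicit "url_create" is dropped. Base "all" grants are left untouched,
// because replacing them means choosing per-feature privileges deliberately;
// findShortUrlGrants keeps reporting them.
function stripShortUrlPrivilege(role) {
  const copy = JSON.parse(JSON.stringify(role));
  for (const entry of copy.kibana || []) {
    for (const feature of SHORT_URL_FEATURES) {
      const privs = entry.feature && entry.feature[feature];
      if (!privs) continue;
      entry.feature[feature] = privs
        .map((p) => (p === "all" ? "minimal_all" : p))
        .filter((p) => p !== SHORT_URL_SUBFEATURE);
    }
  }
  return copy;
}

// Constructed sample role documents (not real roles from any deployment).
const SAMPLE_ROLES = [
  { name: "analyst",
    kibana: [{ base: [], feature: { discover: ["all"], dashboard: ["read"] }, spaces: ["default"] }] },
  { name: "viewer_with_links",
    kibana: [{ base: [], feature: { dashboard: ["minimal_read", "url_create"] }, spaces: ["*"] }] },
  { name: "space_admin",
    kibana: [{ base: ["all"], feature: {}, spaces: ["marketing"] }] },
  { name: "reader",
    kibana: [{ base: [], feature: { discover: ["read"], visualize: ["read"] }, spaces: ["*"] }] },
];

for (const g of findShortUrlGrants(SAMPLE_ROLES)) {
  console.log(`role=${g.role} space=${g.space} feature=${g.feature} via=${g.via}`);
}
for (const g of findShortUrlGrants(SAMPLE_ROLES.map(stripShortUrlPrivilege))) {
  console.log(`still open after rewrite: role=${g.role} via=${g.via}`);
}
```

In practice, feed `findShortUrlGrants` the array returned by `GET /api/security/role`, review the findings, and push each rewritten role back with `PUT /api/security/role/<name>`; roles flagged as `base:all` need a hand-chosen set of feature privileges rather than a mechanical rewrite.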