Elastic has released a security update for a critical vulnerability in Kibana, tracked as CVE-2025-25012 and rated CVSS 9.9. The flaw is a prototype pollution bug that leads to arbitrary code execution via a crafted file upload combined with specially crafted HTTP requests, and it affects Kibana versions 8.15.0 through 8.17.2. The privileges required depend on the release: in 8.15.0 up to 8.17.0 a low-privileged user holding only the Viewer role can exploit it, while in 8.17.1 and 8.17.2 exploitation requires a user whose roles carry broader Fleet, integrations and advanced-connector execution privileges. Successful exploitation can result in unauthorized data access, compromise of the Kibana host, and service disruption, up to theft or destruction of sensitive information. Elastic urges users to upgrade to Kibana 8.17.3 or later; where an immediate upgrade is not possible, the vendor's recommended workaround is to disable the Integration Assistant by setting xpack.integration_assistant.enabled: false in kibana.yml and restarting Kibana.
Source: https://thecyberexpress.com/kibana-vulnerability-cve-2025-25012/
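The bug class named above, prototype pollution, as an added illustration. This is not content from the article and not Kibana's code; it does not reproduce the CVE-2025-25012 code path. The unsafeMerge and safeMerge functions are hypothetical stand-ins for the kind of deep-merge helper that copies attacker-controlled JSON into a server-side object, and the attacker payload is constructed for the demonstration.

```javascript
'use strict';

// Added example (not from the article, not Kibana code): a generic
// prototype-pollution demonstration with a hypothetical deep-merge helper.

const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

// Vulnerable variant: trusts every key in the input. When key is "__proto__",
// the read `target[key]` resolves to Object.prototype itself, so the
// recursive call writes attacker-chosen properties onto the shared prototype
// that every plain object in the process inherits from.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (isPlainObject(value)) {
      if (!isPlainObject(target[key])) target[key] = {};
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened variant: rejects the three keys that reach the prototype chain
// and only recurses into properties the target actually owns, so an
// inherited object can never become the merge target.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) {
      throw new Error(`refusing to merge reserved key "${key}"`);
    }
    const value = source[key];
    if (isPlainObject(value)) {
      if (!Object.prototype.hasOwnProperty.call(target, key) ||
          !isPlainObject(target[key])) {
        target[key] = {};
      }
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed attacker payload, as it would arrive in a JSON request body.
// JSON.parse creates an *own* property literally named "__proto__"; it is
// the later property read in the merge that turns it into a prototype write.
const ATTACKER_JSON =
  '{"name":"probe","__proto__":{"isAdmin":true,"shell":"/bin/sh"}}';

// Runs both merges against the same payload and reports whether an unrelated,
// freshly created object inherited the attacker's properties. Cleans up after
// the unsafe run so the process is left in its original state.
function demonstrate() {
  const result = {};

  unsafeMerge({}, JSON.parse(ATTACKER_JSON));
  const victim = {}; // never touched by the merge, yet now "isAdmin"
  result.unsafePolluted = victim.isAdmin === true && victim.shell === '/bin/sh';
  delete Object.prototype.isAdmin;
  delete Object.prototype.shell;

  let rejected = false;
  try {
    safeMerge({}, JSON.parse(ATTACKER_JSON));
  } catch (e) {
    rejected = true;
  }
  result.safeRejected = rejected;
  result.safeClean = ({}).isAdmin === undefined;
  return result;
}

console.log(demonstrate()); // { unsafePolluted: true, safeRejected: true, safeClean: true }
```

The important detail is that the pollution is reached through a read, not an explicit write to the prototype: the vulnerable merge never mentions Object.prototype, it simply follows whatever `target[key]` returns. Rejecting the reserved keys is the minimal fix; freezing Object.prototype at startup or building config objects with Object.create(null) are defense-in-depth measures that limit the blast radius if another merge path is missed.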
"id": "ela921030725",
"linkid": "elastic-co",
"type": "Vulnerability",
"date": "3/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"