Elastic

Elastic released a critical update to address a severe vulnerability in Kibana, identified as CVE-2025-25012. With a CVSS score of 9.9, the flaw allows for arbitrary code execution and primarily affects versions 8.15.0 to 8.17.2. The vulnerability, resulting from unsafe handling of prototype pollution, could be exploited by users with low privileges in earlier versions, and more advanced privileges in later versions. This security gap has the potential for severe consequences, such as unauthorized data access, system compromise, and service disruption, leading to theft or destruction of sensitive information. In response, Elastic urges users to upgrade to version 8.17.3 or later and recommends additional security measures for those unable to upgrade immediately.

Source: https://thecyberexpress.com/kibana-vulnerability-cve-2025-25012/

TPRM report: https://scoringcyber.rankiteo.com/company/elastic-co

"id": "ela921030725",
"linkid": "elastic-co",
"type": "Vulnerability",
"date": "3/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Technology',
                        'name': 'Elastic',
                        'type': 'Organization'}],
 'attack_vector': 'Arbitrary Code Execution',
 'description': 'Elastic released a critical update to address a severe '
                'vulnerability in Kibana, identified as CVE-2025-25012. With a '
                'CVSS score of 9.9, the flaw allows for arbitrary code '
                'execution and primarily affects versions 8.15.0 to 8.17.2. '
                'The vulnerability, resulting from unsafe handling of '
                'prototype pollution, could be exploited by users with low '
                'privileges in earlier versions, and more advanced privileges '
                'in later versions. This security gap has the potential for '
                'severe consequences, such as unauthorized data access, system '
                'compromise, and service disruption, leading to theft or '
                'destruction of sensitive information. In response, Elastic '
                'urges users to upgrade to version 8.17.3 or later and '
                'recommends additional security measures for those unable to '
                'upgrade immediately.',
 'post_incident_analysis': {'corrective_actions': ['Upgrade to version 8.17.3 '
                                                   'or later',
                                                   'Additional security '
                                                   'measures for those unable '
                                                   'to upgrade immediately'],
                            'root_causes': 'Unsafe handling of prototype '
                                           'pollution'},
 'recommendations': ['Upgrade to version 8.17.3 or later',
                     'Additional security measures for those unable to upgrade '
                     'immediately'],
 'response': {'remediation_measures': ['Upgrade to version 8.17.3 or later',
                                       'Additional security measures for those '
                                       'unable to upgrade immediately']},
 'title': 'Critical Vulnerability in Kibana (CVE-2025-25012)',
 'type': 'Vulnerability Exploit',
 'vulnerability_exploited': 'CVE-2025-25012'}