Summary: Elastic has released security updates for Kibana to address a critical vulnerability, CVE-2025-25012, which allows for arbitrary code execution due to prototype pollution. The flaw affects all versions from 8.15.0 to 8.17.3 and is rated with a CVSS score of 9.9. Users are urged to upgrade to version 8.17.3 or disable certain features in the configuration if immediate patching isn’t feasible.
Affected: Kibana for Elasticsearch
Keypoints:
- Vulnerability allows arbitrary code execution via crafted file uploads and HTTP requests.
- Exploitable by users with specific roles and privileges depending on Kibana version.
- Users are advised to update to version 8.17.3 or disable the Integration Assistant feature in configuration.
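The two remediation options above (upgrade to 8.17.3, or disable the Integration Assistant in the Kibana configuration) are the kind of thing a defender checks across a fleet. The following triage helper is an added example, not code from Elastic or from the article: it parses a Kibana version string, decides whether it falls in the affected range (8.15.0 up to, but not including, the fixed release 8.17.3, following the "upgrade to 8.17.3" advice), and scans a kibana.yml fragment for the workaround. The configuration key `xpack.integration_assistant.enabled` is the one named in Elastic's advisory for this CVE; it does not appear in the summary above. The sample kibana.yml content is constructed.

```python
"""Triage helper for CVE-2025-25012 (Kibana prototype pollution).

Added example for the advisory summary above; not Elastic's code.
"""
import re
from typing import Tuple

# Affected range as read from the summary: 8.15.0 up to the fixed release 8.17.3.
AFFECTED_MIN: Tuple[int, int, int] = (8, 15, 0)
FIXED_VERSION: Tuple[int, int, int] = (8, 17, 3)

# Workaround key from Elastic's advisory (assumption: not stated in the summary text).
WORKAROUND_KEY = "xpack.integration_assistant.enabled"

NOT_AFFECTED = "not affected"
MITIGATED = "mitigated"      # affected build, but feature disabled; upgrade when possible
VULNERABLE = "vulnerable"    # affected build, feature still enabled

_VERSION_RE = re.compile(r"\s*(\d+)\.(\d+)\.(\d+)(?:[-+][0-9A-Za-z.\-]+)?\s*")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Return (major, minor, patch); tolerates suffixes such as '-SNAPSHOT'."""
    match = _VERSION_RE.fullmatch(text)
    if not match:
        raise ValueError(f"unrecognised Kibana version string: {text!r}")
    major, minor, patch = match.groups()
    return int(major), int(minor), int(patch)


def is_affected(version: str) -> bool:
    """True when 8.15.0 <= version < 8.17.3 (tuple comparison, not string comparison)."""
    return AFFECTED_MIN <= parse_version(version) < FIXED_VERSION


def workaround_applied(kibana_yml: str) -> bool:
    """Scan a kibana.yml for the flat-key form 'xpack.integration_assistant.enabled: false'.

    Comments are stripped before matching, so a commented-out line does not count.
    Only the dotted flat-key form is recognised; a nested YAML block
    (xpack: / integration_assistant: / enabled: false) would need a YAML parser.
    """
    for raw in kibana_yml.splitlines():
        stripped = raw.split("#", 1)[0].strip()
        if not stripped or ":" not in stripped:
            continue
        key, _, value = stripped.partition(":")
        if key.strip() == WORKAROUND_KEY:
            return value.strip().strip("\"'").lower() == "false"
    return False


def triage(version: str, kibana_yml: str) -> str:
    """Combine the version check and the configuration check into one verdict."""
    if not is_affected(version):
        return NOT_AFFECTED
    if workaround_applied(kibana_yml):
        return MITIGATED
    return VULNERABLE


# Constructed sample configuration: one host with the workaround, one without.
SAMPLE_YML_MITIGATED = """\
server.port: 5601            # constructed sample
xpack.integration_assistant.enabled: false
"""
SAMPLE_YML_UNPATCHED = """\
server.port: 5601            # constructed sample
# xpack.integration_assistant.enabled: false   <- commented out, so still enabled
"""

if __name__ == "__main__":
    for ver, yml in (("8.16.1", SAMPLE_YML_MITIGATED),
                     ("8.17.2", SAMPLE_YML_UNPATCHED),
                     ("8.17.3", SAMPLE_YML_UNPATCHED)):
        print(f"Kibana {ver}: {triage(ver, yml)}")
```

The version comparison uses integer tuples rather than string comparison, which matters here because "8.9.0" would otherwise sort after "8.17.2". The configuration scan deliberately ignores commented-out lines, since an operator who commented the setting out has not applied the workaround.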
Source: https://thehackernews.com/2025/03/elastic-releases-urgent-fix-for.html