AI description
CVE-2025-25014 is a prototype pollution vulnerability found in Kibana that can lead to arbitrary code execution. The vulnerability can be exploited by sending crafted HTTP requests to the Machine Learning and Reporting endpoints. The vulnerability affects Kibana versions 8.3.0 to 8.17.5, 8.18.0, and 9.0.0. Both self-hosted and Elastic Cloud deployments are vulnerable if they have both Machine Learning and Reporting features enabled.
- Description: A Prototype pollution vulnerability in Kibana leads to arbitrary code execution via crafted HTTP requests to machine learning and reporting endpoints.
- Source: bressers@elastic.co
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 9.1
- Impact score: 6
- Exploitability score: 2.3
- Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
- Severity: CRITICAL
- bressers@elastic.co
- CWE-1321
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 1
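CVE-2025-25014 (CVSS 9.1): Kibana prototype pollution vulnerability can lead to remote code execution. An attacker can achieve arbitrary code execution by sending crafted HTTP requests to Kibana's Machine Learning and Reporting endpoints. https://t.co/P7orAcuk60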
@chenze654321
9 May 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️⚠️ CVE-2025-25014 (CVSS 9.1): Prototype Pollution in Kibana Opens Door to Code Execution 🎯229k+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link:https://t.co/TDcT06CYfs FOFA Query:app="Kibana" 🔖Refer:https://t.co/WyYkpLcz3u #OSINT #FOFA
@fofabot
8 May 2025
1065 Impressions
5 Retweets
15 Likes
4 Bookmarks
0 Replies
0 Quotes
Threat Alert: Critical Vulnerability in Kibana Allows Attackers to Execute Arbitrary Code CVE-2025-25014 Severity: ⚠️ Critical Maturity: 🧨 Trending Learn more: https://t.co/Tl9PFZ54XZ #CyberSecurity #ThreatIntel #InfoSec
@fletch_ai
8 May 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 Critical CVE-2025-25014 vulnerability in Kibana allows remote code execution. Immediate update required. #CyberSecurity #Kibana https://t.co/ML5kTrsgga https://t.co/BddWrockzf
@CyberHub_blog
8 May 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical vulnerability in Kibana, risk of code execution (CVE-2025-25014) #セキュリティ対策Lab #セキュリティ #Security https://t.co/QgMKEm60bs
@securityLab_jp
8 May 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-25014 ⚠️🔴 CRITICAL (9.1) 🏢 Elastic - Kibana 🏗️ 8.3.0 🔗 https://t.co/LVM5qESpMV #CyberCron #VulnAlert #InfoSec https://t.co/H10fcaySE6
@cybercronai
7 May 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️Kibana updates ❗CVE-2025-25014 ➡️More info: https://t.co/D5bdAPdn3t https://t.co/fY8yWAkSbV
@CERTpy
7 May 2025
102 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-25014 (CVSS 9.1) hits Kibana! A prototype pollution flaw allows arbitrary code execution via HTTP requests targeting the ML & Reporting endpoints. Update Kibana right now! 🔒 https://t.co/EL5g6i3fGy #CyberSec #Kibana
@_F2po_
7 May 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
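Critical vulnerability in Kibana. CVE-2025-25014 is a prototype pollution issue with a CVSS score of 9.1. Arbitrary code execution is achieved through crafted HTTP requests to the machine learning and reporting endpoints. Deployments on Elastic Cloud are also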
@__kokumoto
7 May 2025
3674 Impressions
19 Retweets
43 Likes
11 Bookmarks
0 Replies
0 Quotes
CVE-2025-25014 (CVSS 9.1): Prototype Pollution in Kibana Opens Door to Code Execution https://t.co/q6KCi2CapR
@Dinosn
7 May 2025
2357 Impressions
4 Retweets
30 Likes
9 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨 CVE-2025-25014(CVSS 9.1) : Prototype Pollution in Kibana Opens Door to Code Execution 📊412.1K+ Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/Xdrn76seDZ 👇Query HUNTER : https://t.co/q9rtuGgxk7="Elastic Kibana" FOFA : htt
@HunterMapping
7 May 2025
2718 Impressions
16 Retweets
55 Likes
22 Bookmarks
0 Replies
0 Quotes