CVE-2025-25014

Published May 6, 2025

Last updated 4 days ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-25014 is a prototype pollution vulnerability found in Kibana that can lead to arbitrary code execution. The vulnerability can be exploited by sending crafted HTTP requests to the Machine Learning and Reporting endpoints. The vulnerability affects Kibana versions 8.3.0 to 8.17.5, 8.18.0, and 9.0.0. Both self-hosted and Elastic Cloud deployments are vulnerable if they have both Machine Learning and Reporting features enabled.

Description: A Prototype pollution vulnerability in Kibana leads to arbitrary code execution via crafted HTTP requests to machine learning and reporting endpoints.
Source: bressers@elastic.co
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 9.1
Impact score: 6
Exploitability score: 2.3
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

bressers@elastic.co
CWE-1321

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

1

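  1. CVE-2025-25014 (CVSS 9.1): Kibana prototype pollution vulnerability can lead to remote code execution. Attackers can achieve arbitrary code execution by sending specially crafted HTTP requests to Kibana's Machine Learning and Reporting endpoints. https://t.co/P7orAcuk60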

    @chenze654321

    9 May 2025

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. ⚠️⚠️ CVE-2025-25014 (CVSS 9.1): Prototype Pollution in Kibana Opens Door to Code Execution 🎯229k+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link:https://t.co/TDcT06CYfs FOFA Query:app="Kibana" 🔖Refer:https://t.co/WyYkpLcz3u #OSINT #FOFA

    @fofabot

    8 May 2025

    1065 Impressions

    5 Retweets

    15 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  3. Threat Alert: Critical Vulnerability in Kibana Allows Attackers to Execute Arbitrary Code CVE-2025-25014 Severity: ⚠️ Critical Maturity: 🧨 Trending Learn more: https://t.co/Tl9PFZ54XZ #CyberSecurity #ThreatIntel #InfoSec

    @fletch_ai

    8 May 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 📌 Critical CVE-2025-25014 vulnerability in Kibana allows remote code execution. Immediate update required. #CyberSecurity #Kibana https://t.co/ML5kTrsgga https://t.co/BddWrockzf

    @CyberHub_blog

    8 May 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Critical vulnerability in Kibana, risk of code execution (CVE-2025-25014) #セキュリティ対策Lab #セキュリティ #Security https://t.co/QgMKEm60bs

    @securityLab_jp

    8 May 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 🚨 CVE-2025-25014 ⚠️🔴 CRITICAL (9.1) 🏢 Elastic - Kibana 🏗️ 8.3.0 🔗 https://t.co/LVM5qESpMV #CyberCron #VulnAlert #InfoSec https://t.co/H10fcaySE6

    @cybercronai

    7 May 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. ⚠️Kibana updates ❗CVE-2025-25014 ➡️More info: https://t.co/D5bdAPdn3t https://t.co/fY8yWAkSbV

    @CERTpy

    7 May 2025

    102 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. 🚨 CVE-2025-25014 (CVSS 9.1) hits Kibana! A prototype pollution flaw allows arbitrary code execution via HTTP requests targeting the ML & Reporting endpoints. Update to Kibana now! 🔒 https://t.co/EL5g6i3fGy #CyberSec #Kibana

    @_F2po_

    7 May 2025

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

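  9. Critical vulnerability in Kibana. CVE-2025-25014 is a prototype pollution with a CVSS score of 9.1. Arbitrary code execution is achieved through crafted HTTP requests to the machine learning and reporting endpoints. Deployments on Elastic Cloud are also aff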

    @__kokumoto

    7 May 2025

    3674 Impressions

    19 Retweets

    43 Likes

    11 Bookmarks

    0 Replies

    0 Quotes

  10. CVE-2025-25014 (CVSS 9.1): Prototype Pollution in Kibana Opens Door to Code Execution https://t.co/q6KCi2CapR

    @Dinosn

    7 May 2025

    2357 Impressions

    4 Retweets

    30 Likes

    9 Bookmarks

    0 Replies

    0 Quotes

  11. 🚨Alert🚨 CVE-2025-25014(CVSS 9.1) : Prototype Pollution in Kibana Opens Door to Code Execution 📊412.1K+ Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/Xdrn76seDZ 👇Query HUNTER : https://t.co/q9rtuGgxk7="Elastic Kibana" FOFA : htt

    @HunterMapping

    7 May 2025

    2718 Impressions

    16 Retweets

    55 Likes

    22 Bookmarks

    0 Replies

    0 Quotes