- Description
- Prototype pollution in Kibana leads to arbitrary code execution via a crafted file upload and specifically crafted HTTP requests. In Kibana versions >= 8.15.0 and < 8.17.1, this is exploitable by users with the Viewer role. In Kibana versions 8.17.1 and 8.17.2, this is only exploitable by users that have roles that contain all the following privileges: fleet-all, integrations-all, actions:execute-advanced-connectors
- Source
- bressers@elastic.co
- NVD status
- Analyzed
- Products
- kibana
CVSS 3.1
- Type
- Secondary
- Base score
- 9.9
- Impact score
- 6
- Exploitability score
- 3.1
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- bressers@elastic.co
- CWE-1321
- Hype score
- Not currently trending
🚨 Alert: Critical vulnerability in Kibana! CVE-2025-25015 allows attackers to execute arbitrary code on versions 8.15.0 – 8.17.2. 🔐 Update to 8.17.3 and restrict access! Details 👉 https://t.co/kXAFpSnZtL #DNSC #Cybersecurit https://t.co/URZiMcus4M
@DNSC_RO
7 Mar 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Elastic, the company that develops ELK systems, is releasing a patch for the critical vulnerability CVE-2025-25015 (CVSS score 9.9) affecting the Kibana data visualization software. The flaw was of the Prototype pollution type, where an attacker could, using a specially crafted file and HTTP… https:
@AlefSecurity
7 Mar 2025
88 Impressions
1 Retweet
2 Likes
0 Bookmarks
1 Reply
0 Quotes
JavaScript attack on thousands of WordPress sites and serious flaw in Kibana Information Security, backdoor, CVE-2025-25015, cybersecurity, remote exploit, javascript, Kibana, prototype pollution, Wordpress https://t.co/AKQX4BeO1z https://t.co/Sji6ebibq2
@matricedigitale
7 Mar 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🗞️ Elastic Rolls Out Urgent Fix for Critical Kibana Flaw Enabling Remote Code Execution Elastic dropped a critical patch for a Kibana flaw (CVE-2025-25015, CVSS 9.9) that could let attackers run code remotely—update to 8.17.3 ASAP! Prototype pollution’s the culprit, and this…
@gossy_84
7 Mar 2025
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 CVE-2025-25015 Kibana Prototype Pollution vulnerability requires authentication with the following privileges: fleet-all, integrations-all, and actions:execute-advanced-connectors 📌 CVE-2025-25012: A typo of CVE-2025-25015 Details are here: https://t.co/E5ginMj2FQ
@vulmoncom
7 Mar 2025
52 Impressions
1 Retweet
0 Likes
1 Bookmark
0 Replies
0 Quotes
🚨CRITICAL ALERT🚨 CVE-2025-25015 (CVSS: 9.9) drops a bombshell: Kibana vuln via prototype pollution = arbitrary code execution. Crafted file uploads + sneaky HTTP requests = game over. ZoomEye Dork👉app="Kibana" 198k+ exposed instances spotted already! Check it:… https://t.co
@zoomeye_team
6 Mar 2025
520 Impressions
3 Retweets
4 Likes
5 Bookmarks
0 Replies
0 Quotes
🚨CVE-2025-25015: Kibana arbitrary code execution via prototype pollution https://t.co/uriUtpB1rd
@DarkWebInformer
5 Mar 2025
4496 Impressions
7 Retweets
26 Likes
11 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-25015 ⚠️🔴 CRITICAL (9.9) 🏢 Elastic - Kibana 🏗️ 8.15.0 🔗 https://t.co/ExiOYXVhJz #CyberCron #VulnAlert #InfoSec https://t.co/QguVuFt7wk
@cybercronai
5 Mar 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-25015: CRITICAL] Warning: In Kibana >=8.15.0 & <8.17.1, a serious security issue allows arbitrary code execution through a crafted file upload & HTTP requests. Only certain users can exploit this vulner...#cybersecurity,#vulnerability https://t.co/eRjcQZQU
@CveFindCom
5 Mar 2025
74 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "5A5BBD93-2143-4987-A402-FBA8450D945D",
            "versionEndExcluding": "8.16.6",
            "versionStartIncluding": "8.15.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "9E7DD335-454A-4FEE-973F-4505E7FD123F",
            "versionEndExcluding": "8.17.3",
            "versionStartIncluding": "8.17.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]