CVE-2025-43707

CVE-2024-43707 is a vulnerability found in Kibana, a data visualization dashboard software for Elasticsearch. It is an unauthorized access flaw where users without the necessary "Fleet" access can view Elastic Agent policies. These policies might contain sensitive information, the nature of which depends on the specific integrations enabled for the Elastic Agent and their versions. The vulnerability affects Kibana versions 8.0.0 up to 8.15.0. To mitigate this issue, users are strongly encouraged to upgrade to version 8.15.0, where a patch has been implemented.