Published On: May 09, 2025 16:16
Advisory No: TZCERT-SA-25-0095
Source: Elastic
Software Affected: Kibana versions 8.3.0 to 8.17.5, 8.18.0, and 9.0.0
A critical vulnerability affects multiple Kibana versions. Exploitation may allow a remote attacker to execute arbitrary code on the Kibana host.
Kibana versions 8.3.0 to 8.17.5, 8.18.0, and 9.0.0 are affected by a vulnerability tracked as CVE-2025-25014 with a CVSS score of 9.1. The root cause is a prototype pollution flaw. Kibana is a Node.js application, and prototype pollution is a JavaScript-specific bug class: attacker-controlled keys such as `__proto__` in parsed input are merged into shared object prototypes, so every object in the process inherits the injected properties, which can then redirect code paths the attacker never had direct access to. In this case, an attacker can achieve arbitrary code execution via a crafted file upload combined with specifically crafted HTTP requests to the Machine Learning and Reporting endpoints.
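The following is an added illustration of the bug class named above, not Kibana's code and not the exploit for CVE-2025-25014: a generic recursive "merge" that copies attacker-supplied JSON into a config object, shown beside a hardened variant. The payload, function names and the `isAdmin`/`shell` property names are constructed for the demonstration.

```javascript
'use strict';

// Constructed attacker payload: the shape a crafted upload or request body
// might carry. The "__proto__" key is the prototype-pollution vector.
// JSON.parse creates it as an ordinary own property, so Object.keys sees it.
const ATTACKER_PAYLOAD = JSON.parse(
  '{"name":"report","__proto__":{"isAdmin":true,"shell":"id"}}'
);

// VULNERABLE: a naive deep merge that copies every key from source into target.
// For key "__proto__", target["__proto__"] is Object.prototype, so the
// recursion writes the attacker's properties onto the prototype shared by
// every plain object in the process.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value !== null && typeof value === 'object') {
      if (typeof target[key] !== 'object' || target[key] === null) {
        target[key] = {};
      }
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Runs the vulnerable merge and inspects an unrelated object created afterwards.
// Note that the merged config itself looks clean (only "name" is an own key);
// the damage lives on Object.prototype. Cleans up so the process is usable after.
function demonstrateUnsafe() {
  const config = {};
  unsafeMerge(config, ATTACKER_PAYLOAD);
  const victim = {}; // never touched the payload, yet inherits the pollution
  const result = {
    ownKeys: Object.keys(config),
    victimIsAdmin: victim.isAdmin === true,
    victimShell: victim.shell,
  };
  delete Object.prototype.isAdmin;
  delete Object.prototype.shell;
  return result;
}

// HARDENED: reject the keys that reach a prototype, and build nested containers
// as null-prototype objects so there is no Object.prototype to reach at all.
// Both measures together: the key blocklist stops "__proto__" and the
// "constructor"/"prototype" chain, Object.create(null) is defence in depth.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) {
      throw new Error(`rejected prototype-polluting key: ${key}`);
    }
    const value = source[key];
    if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
      if (!Object.prototype.hasOwnProperty.call(target, key) ||
          typeof target[key] !== 'object' || target[key] === null) {
        target[key] = Object.create(null);
      }
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Runs the hardened merge on the same payload: the request is rejected and a
// fresh object shows no injected properties.
function demonstrateSafe() {
  const config = Object.create(null);
  let rejected = false;
  try {
    safeMerge(config, ATTACKER_PAYLOAD);
  } catch (e) {
    rejected = true;
  }
  const victim = {};
  return {
    rejected,
    victimIsAdmin: victim.isAdmin === true,
    victimShell: victim.shell,
  };
}
```

The point worth keeping from this example when auditing real code is that the polluted object is not the one that was merged into: `Object.keys(config)` shows only `name`, while an unrelated object created later inherits `isAdmin` and `shell`. Any downstream code that checks `if (opts.isAdmin)` or passes `opts.shell` to a process spawner now behaves as if the attacker had set those values, which is how a pollution primitive becomes code execution.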
Successful exploitation may allow an attacker to take full control of the affected Kibana host.
Elastic has released fixed versions (Kibana 8.17.6, 8.18.1 and 9.0.1) for this vulnerability. Users and administrators are encouraged to upgrade as soon as possible. Where an immediate upgrade is not possible, disabling the Machine Learning and Reporting features in kibana.yml (`xpack.ml.enabled: false` and `xpack.reporting.enabled: false`) reduces exposure to the affected endpoints until the upgrade can be applied.
A digest of Tanzania Computer Emergency Response Team coverage of cyber-security news across the globe.