Elastic

Security Advisory

Elastic Releases Critical Security Updates for Kibana & Elasticsearch 

Security Advisory:

Elastic has released security updates for Kibana and Elasticsearch.

Addressed 5 vulnerabilities, including 3 high-severity Cross-Site Scripting (XSS) issues

This also include one sensitive data exposure flaw, and one credential leakage issue

OEM Elastic 
Severity High 
CVSS Score 8.7 
CVEs CVE-2025-25009, CVE-2025-25017, CVE-2025-25018, CVE-2025-37727, CVE-2025-37728 
POC Available No 
Actively Exploited No 
Exploited in Wild No 
Advisory Version 1.0 

Overview 

The most severe, CVE-2025-25009 (CVSS 8.7), affects Kibana’s case file upload functionality, potentially allowing attackers to execute arbitrary scripts. These vulnerabilities could allow data theft, session hijacking or privilege escalation in affected environments. Users & Administrators strongly advise to update to the patched versions immediately to mitigate risks. 

Vulnerability Name CVE ID Product Affected Severity Fixed Version 
​Stored XSS Vulnerability via Case File Upload Vulnerability CVE-2025-25009 Kibana  High  v8.18.8, v8.19.5, v9.0.8, v9.1.5 
Kibana Cross Site Scripting (XSS) Vulnerability CVE-2025-25017 Kibana High 
Kibana Stored Cross Site Scripting (XSS) Vulnerability CVE-2025-25018 Kibana High 

Technical Summary 

Elastic’s latest security patches fix several vulnerabilities in Kibana and Elasticsearch. These vulnerabilities could let attackers inject malicious code or gain access to sensitive information.

This could result in stolen data, taken-over user sessions, or even gaining higher access levels in the system. Although no active exploits have been reported, users are strongly advised to update immediately for protection to ensure optimal security and stability . 

CVE ID System Affected  Vulnerability Details Impact 
CVE-2025-25009 Kibana (7.x ≤ 7.17.29, 7.x ≤ 7.17.29, 8.x ≤ 8.18.7, 8.19.x ≤ 8.19.4, 9.0.x ≤ 9.0.7, 9.1.x ≤ 9.1.4) Stored XSS via malicious file uploads in case management, allowing JavaScript injection Data Theft,  Session Hijacking,  Privilege Escalation 
CVE-2025-25017 Kibana (7.x ≤ 7.17.29, 7.x ≤ 7.17.29, 8.x ≤ 8.18.7, 8.19.x ≤ 8.19.3, 9.0.x ≤ 9.0.6, 9.1.x ≤ 9.1.3) XSS in Vega visualization engine due to improper neutralization of inputs, enabling script execution Malicious Script Execution 
CVE-2025-25018 Kibana (7.x ≤ 7.17.29, 7.x ≤ 7.17.29, 8.x ≤ 8.18.7, 8.19.x ≤ 8.19.4, 9.0.x ≤ 9.0.7, 9.1.x ≤ 9.1.4) Stored XSS in Kibana due to improper validation of specified type of input.  Session Compromise, Unauthorized Access 

Other Vulnerabilities 

In addition to the three high-severity flaws, Elastic patched 2 other vulnerabilities in the same Security Announcements release. 

Vulnerability Name CVE ID Product Affected Severity Fixed Version 
​Sensitive Data Exposure in Audit Logging CVE-2025- 37727 Elasticsearch Medium v8.18.8, v8.19.5, v9.0.8, v9.1.5 
Credential Leakage in CrowdStrike Connector CVE-2025- 37728 Kibana (CrowdStrike Connector) Medium v8.18.8 and higher 

Recommendations

Update Kibana and Elasticsearch immediately to the following versions 

  • Kibana/Elasticsearch: v8.18.8, v8.19.5, v9.0.8, v9.1.5 or the latest version. 

If unable to update immediately you can follow some workarounds below 

  • For the CVE-2025-25009, For versions >= 7.12 to < 9.0 users can set “discover:searchFieldsFromSource: true” in Advanced Settings and there are no workarounds for 9.0+. 
  • For the CVE-2025-25017, users can disable Vega visualizations but note that this will disable all Vega charts in Kibana. 
  • For the CVE-2025-37727, users can set “xpack.security.audit.logfile.events.emit_request_body” to “false”. 

Conclusion: 
The Elastic security update addresses severe vulnerabilities in Kibana and Elasticsearch, including high-severity XSS issues that could enable attackers to compromise dashboards, steal data, or escalate privileges.

Although no exploitation has been reported but these vulnerabilities need immediate patching. Immediate action is essential to maintain system integrity and protect sensitive data in monitoring and logging environments. 

References

Security Advisory

Critical Security Flaw in Kibana Requires Immediate Attention 

Kibana is a robust tool for data visualization and exploration that can be used to search, examine, and track data that is stored in Elasticsearch. A vital part of many organizations’ data analysis procedures, it offers real-time insights through interactive dashboards. 

Elastic released security updates to address a critical vulnerability, tracked as CVE-2025-25012 (CVSS score of 9.9), impacting the Kibana data visualization dashboard software for Elasticsearch.

OEM Elastic 
Severity Critical 
CVSS 9.9 
CVEs CVE-2025-25012 
Exploited in Wild No 
Patch/Remediation Available Yes 
Advisory Version 1.0 

Overview 

A critical security vulnerability (CVE-2025-25012) has been identified in Kibana, affecting versions 8.15.0 to 8.17.2. The flaw allows attackers to execute arbitrary code, potentially compromising affected systems. Elastic has released a patch in Kibana version 8.17.3to address this issue, and users are strongly advised to update immediately. 

Vulnerability Name CVE ID Product Affected Severity 
 Arbitrary code execution Vulnerability  CVE-2025-25012  Elastic  Critical 

Technical Summary 

This vulnerability arises from improper handling of JavaScript object prototypes in Kibana’s file upload and HTTP request processing functionalities.

Attackers can exploit this flaw to inject malicious payloads, modify application behavior, and execute arbitrary code. The vulnerability is classified under CWE-1321 (Improper Control of Prototype-Based Attribute Modifications) and aligns with the MITRE ATT&CK framework under tactic T1059 (Command and Scripting Interpreter). 

Affected Versions and Exploitation Conditions: 

  • Kibana 8.15.0 – 8.17.0: Exploitable by users with the Viewer role. 
  • Kibana 8.17.1 – 8.17.2: Requires privileges fleet-all, integrations-all, and actions:execute-advanced-connectors. 
CVE ID System Affected Vulnerability Details Impact 
  CVE-2025-25012   Kibana 8.15.0 – 8.17.2   Prototype pollution via crafted file uploads and HTTP requests, allowing manipulation of JavaScript object properties and security controls.  Remote Code Execution, Unauthorized Data Access, Lateral Movement  

Remediation

  • Upgrade: Elastic has released a security patch to address the issue. It is highly recommended to upgrade to Kibana 8.17.3 or a later version 
  • Temporary Mitigation: If upgrading is not feasible in the short term, apply the following measure to reduce risk: 
  • Disable the Integration Assistant feature by setting xpack.integration_assistant.enabled: false in kibana.yml. 

Conclusion: 

Organizations utilizing Kibana should take urgent action to patch CVE-2025-25012 by upgrading to version 8.17.3.

The vulnerability is highly severe, particularly for environments using Kibana for security monitoring, as attackers could exploit this flaw to disable alerts and manipulate detection pipelines. If patching is not immediately possible, temporary mitigations should be applied to reduce the risk of exploitation. Ensuring real-time vulnerability monitoring and implementing strict access controls are also recommended to safeguard against similar threats in the future. 

References: 

Image 

Scroll to top