Skip to content

Attention Kibana Users: Important Security Alert!

Kibana is a widely used tool for data visualization and analysis, forming part of the Elastic Stack. Recently, Elastic identified a critical security vulnerability in Kibana and released an important security update to address it. This vulnerability, tracked as CVE-2025-25012, has been assigned a CVSS score of 9.9 (Critical), meaning attackers could execute arbitrary code on vulnerable systems.

This issue arises due to prototype pollution in Kibana’s software. Attackers can exploit it by uploading a specially crafted file and sending modified HTTP requests. This could allow them to execute malicious code on the system and misuse it for their own purposes.

Technical Details

  • CVE Identifier: CVE-2025-25012
  • Severity Level:9.9 (Critical)
    • CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
    • (This rating indicates that the vulnerability can be exploited remotely, requires low complexity, and does not need user interaction.)
  • Affected Versions:
    • Kibana 8.15.0 – 8.17.0: Exploitable by users with the Viewer role.
    • Kibana 8.17.1 and 8.17.2: Exploitable by users with specific privileges:
      • fleet-all
      • integrations-all
      • actions:execute-advanced-connectors

If you are unable to update Kibana immediately, consider applying the following temporary protection measures:

  • Disable Integration Assistant
    Add the following line to your Kibana configuration:

The vulnerability has been fully patched in Kibana 8.17.3.

Additional Security Recommendations

  1. Update Immediately.
    The most effective security measure is to upgrade to Kibana 8.17.3 or later.
  2. Follow the Principle of Least Privilege.
    Assign users only the necessary levels of access. In most cases, reducing the number of users with the relevant privileges can significantly lower the risk of exploitation.
  3. Monitor Security Logs.
    Regularly check Kibana and Elasticsearch logs for suspicious activities. If unusual requests or unexpected operations are detected, analyze them immediately.
  4. Enhance Network Security.
    Restrict access to Kibana, allowing connections only from trusted IP addresses.
  5. Use a Web Application Firewall (WAF).
    Set up a WAF to detect and block potential attacks before they can be executed.

The CVE-2025-25012 vulnerability in Kibana poses a serious threat as it allows remote code execution. To mitigate the risk, it is crucial to update the system immediately, apply temporary security measures, and limit user privileges.

If you use Kibana, do not delay in applying this security update!