💸 Elastic has released security updates to address a critical vulnerability in its Kibana data visualization software

chushpan

💸 Elastic has released security updates to address a critical vulnerability in its Kibana data visualization software for Elasticsearch that could lead to arbitrary code execution.

👉 The vulnerability, tracked as CVE-2025-25012, has a CVSS score of 9.9 out of a maximum of 10.0. It has been described as a prototype pollution incident.

📰 “Prototype pollution in Kibana leads to arbitrary code execution via forged file uploads and specially crafted HTTP requests”, the company said in a statement on Wednesday.

📰 Prototype pollution is a security flaw that allows attackers to manipulate an application’s JavaScript objects and properties, potentially leading to unauthorized data access, privilege escalation, denial of service, or remote code execution.

📌 The vulnerability affects all versions of Kibana between 8.15.0 and 8.17.3. It was fixed in version 8.17.3.
 