Elastic News Articles

CVE-2025-25015

Prototype pollution in Kibana leads to arbitrary code execution via a crafted file upload and specifically crafted HTTP requests. In Kibana versions >= 8.15.0 and < 8.17.1, this is exploitable by users...

2 weeks ago

Kibana Vulnerabilities Let Attackers Execute Arbitrary Code

Kibana Vulnerabilities, CVE-2024-37288 and CVE-2024-37285, allow attackers to execute arbitrary code through YAML deserialization issues.

Elasticsearch Kibana Arbitrary Code Execution Vulnerability (CVE-2024-37287) – Qualys ThreatPROTECT

Skip to content Kibana, a data visualization tool, released a patch to address a critical severity flaw that may allow an attacker to perform arbitrary code execution on target systems. Tracked as...

Critical Kibana Vulnerability Let Attackers Execute Arbitrary Code

A critical security flaw has been identified in Kibana, a popular open-source data visualization and exploration tool.