Elastic News Articles
Recent news articles refferecing the vendors vulnerabilities.

CVE-2025-25015
Prototype pollution in Kibana leads to arbitrary code execution via a crafted file upload and specifically crafted HTTP requests. In Kibana versions >= 8.15.0 and < 8.17.1, this is exploitable by users...
1 week ago
Kibana Vulnerabilities Let Attackers Execute Arbitrary Code
Kibana Vulnerabilities, CVE-2024-37288 and CVE-2024-37285, allow attackers to execute arbitrary code through YAML deserialization issues.

Elasticsearch Kibana Arbitrary Code Execution Vulnerability (CVE-2024-37287) β Qualys ThreatPROTECT
Skip to content Kibana, a data visualization tool, released a patch to address a critical severity flaw that may allow an attacker to perform arbitrary code execution on target systems. Tracked as...

Critical Kibana Vulnerability Let Attackers Execute Arbitrary Code
A critical security flaw has been identified in Kibana, a popular open-source data visualization and exploration tool.