Open Redirect Vulnerability in Kibana by Elastic
CVE-2025-25012
What is CVE-2025-25012?
An Open Redirect vulnerability has been identified in Kibana that allows an attacker to redirect users to arbitrary, potentially malicious sites. The vulnerability can be exploited through specially crafted URLs and poses significant security risks such as server-side request forgery, which can further compromise sensitive data and user trust. Organizations using affected versions of Kibana should update to the latest patch to mitigate these risks.
Affected Version(s)
Kibana 7.0.0 <= 7.17.28
Kibana 8.0.0 <= 8.17.7
Kibana 8.18.0 <= 8.18.2
News Articles
Critical Kibana Vulnerability Enabling Remote Code Execution (CVE-2025-25012)
Summary: A critical vulnerability, identified as CVE-2025-25015, has been disclosed in Kibana, which enables unauthenticated remote attackers to execute arbitrary code on affected systems. Discovered on March 6, 2025, this flaw affects Kibana versions 8.15.0 through 8.17.3 and poses a significant sec...

Elastic Fixes Critical Kibana Vulnerability (CVE-2025-25012)
Elastic addresses a critical Kibana vulnerability (CVE-2025-25012) that allows remote code execution.

Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution
Elastic patched a critical Kibana flaw (CVE-2025-25012, CVSS 9.9) enabling arbitrary code execution. Update to version 8.17.3 now.
Timeline
- Vulnerability published
- Exploit known to exist
- First article discovered by The Hacker News
- Vulnerability Reserved