Open Redirect Vulnerability in Kibana by Elastic
CVE-2025-25012

4.3 MEDIUM

Key Information:

Vendor

Elastic

Status
Vendor
CVE Published:
25 June 2025

Badges

📰 News Worthy

What is CVE-2025-25012?

An open redirect vulnerability has been identified in Kibana. A specially crafted URL that points at a Kibana host can cause Kibana to send the user who follows it on to an arbitrary, attacker-chosen site. Because the link starts on a trusted host, the usual abuse is phishing: the victim lands on a look-alike login page or a malware download while believing they are still dealing with their own Kibana instance. Consistent with the CVSS rating below (no confidentiality or availability impact, low integrity impact), the flaw by itself affects the user's browser session rather than exposing data or executing code on the server. Organizations running affected versions of Kibana should upgrade to a patched release.
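To make the mechanism concrete, the following is an added example and not Kibana's code: a redirect-target helper in the vulnerable shape (the caller's value goes straight into the redirect) next to a hardened version that only allows same-origin paths. The `next` parameter name, the deployment origin and the fallback path are assumptions for illustration; the page does not say which Kibana endpoint or parameter was affected.

```javascript
// Added example (not Kibana's code): how an open redirect arises when a
// server copies a caller-supplied URL into a Location header, and one way to
// validate such a value. The `next` parameter name, the app origin and the
// fallback path are assumptions; the affected Kibana endpoint is not described.
const APP_ORIGIN = 'https://kibana.example.internal'; // assumed deployment origin
const FALLBACK = '/app/home';                          // assumed safe landing page

// Vulnerable pattern: whatever the request supplied becomes the redirect
// target, so ?next=https://evil.example sends the user off-site from a
// trusted host.
function redirectTargetVulnerable(next) {
  return next || FALLBACK;
}

// Hardened: accept only a same-origin, path-only target and return it in a
// normalized form that the browser cannot reinterpret as another origin.
function redirectTargetSafe(next) {
  if (typeof next !== 'string' || next.length === 0 || next.length > 2048) return FALLBACK;
  // CR/LF and other control characters could split the response header; the
  // URL parser would silently strip tabs and newlines, so check before parsing.
  if (/[\u0000-\u001f\u007f]/.test(next)) return FALLBACK;
  // Require a path-absolute value. This rejects absolute URLs and schemes such
  // as javascript:, but "//host" and "/\host" also start with "/".
  if (!next.startsWith('/')) return FALLBACK;
  // Resolve with the WHATWG parser exactly as a browser would, then demand that
  // the origin is unchanged. "//evil.example" and "/\evil.example" both resolve
  // to a foreign origin because backslash is a slash in special schemes.
  let resolved;
  try {
    resolved = new URL(next, APP_ORIGIN);
  } catch {
    return FALLBACK;
  }
  if (resolved.origin !== APP_ORIGIN) return FALLBACK;
  // Dot-segment removal can leave a pathname that starts with "//", e.g.
  // "/..//evil.example" -> "//evil.example". Emitted in a Location header that
  // is scheme-relative again, so check the parsed result, not just the input.
  if (resolved.pathname.startsWith('//')) return FALLBACK;
  // Rebuild from components so the host is never echoed back.
  return resolved.pathname + resolved.search + resolved.hash;
}
```

The hardened version deliberately relies on the same parser the browser uses rather than on string heuristics alone: the prefix check catches the obvious cases, and the origin and pathname checks on the parsed result catch the backslash and dot-segment variants that a prefix check misses.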

Affected Version(s)

Kibana 7.0.0 to 7.17.28 (inclusive)

Kibana 8.0.0 to 8.17.7 (inclusive)

Kibana 8.18.0 to 8.18.2 (inclusive)

News Articles

Elastic Fixes Critical Kibana Vulnerability (CVE-2025-25012)

Elastic addresses a critical Kibana vulnerability (CVE-2025-25012) that allows remote code execution.

Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution

Elastic patched a critical Kibana flaw (CVE-2025-25012, CVSS 9.9) enabling arbitrary code execution. Update to version 8.17.3 now.

Note: both articles describe a critical (CVSS 9.9) arbitrary code execution flaw fixed in 8.17.3, which does not match the open redirect description, the 4.3 score or the affected ranges listed above (where 8.17.7 is still affected). Confirm the CVE identifier against Elastic's own advisory before relying on either summary.

References

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Vector (assembled from the metrics above):
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Timeline

  • Vulnerability published

  • 📰 First article discovered by The Hacker News

  • Vulnerability Reserved
