Stored Cross-Site Scripting Vulnerability in Kibana by Elastic
CVE-2025-25018
8.7HIGH
What is CVE-2025-25018?
An issue exists in Kibana where improper neutralization of user input during web page generation can lead to stored Cross-Site Scripting (XSS) attacks. Attackers may exploit this vulnerability to inject malicious scripts that could execute when users view affected web pages. This poses significant risks, including data exposure and unauthorized actions performed on behalf of users.
Affected Version(s)
Kibana 7.0.0 <= 7.17.29
Kibana 8.0.0 <= 8.18.7
Kibana 8.19.0 <= 8.19.4