Resource Allocation Vulnerability in Kibana from Elastic
CVE-2025-68389

6.5MEDIUM

Key Information:

Vendor: Elastic
Status: Kibana
Vendor: CVE Published:; 18 December 2025

What is CVE-2025-68389?

A vulnerability in Kibana allows low-privileged authenticated users to exploit resource allocation without limits. By crafting specific HTTP requests, these users can trigger excessive resource allocation, resulting in a denial of service (DoS) that disrupts the Kibana process. This issue underscores the importance of implementing limits on resource usage to safeguard systems against potential attacks and ensure ongoing service availability.

Affected Version(s)

Kibana 7.0.0 <= 7.17.29

Kibana 8.0.0 <= 8.19.8

Kibana 9.0.0 <= 9.1.8

References

https://discuss.elastic.co/t/kibana-8-19-9-9-1-9-and-9-2-...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 18, 2025
Vulnerability Reserved
Dec 16, 2025

JSON