CVE-2025-25014

Name of the Vulnerable Software and Affected Versions Kibana versions 8.3.0 through 8.17.5 Kibana version 8.18.0 Kibana version 9.0.0

Description A Prototype pollution vulnerability in Kibana leads to arbitrary code execution via crafted HTTP requests to machine learning and reporting endpoints. The vulnerability can be exploited by sending specially crafted HTTP requests, allowing an attacker to execute arbitrary code. It is estimated that over 412,000 services are potentially affected.

Recommendations For Kibana versions 8.3.0 through 8.17.5, update to Kibana 8.17.6 or later. For Kibana version 8.18.0, update to Kibana 8.18.1 or later. For Kibana version 9.0.0, update to Kibana 9.0.1 or later. As a temporary workaround, consider restricting access to the machine learning and reporting endpoints until a patch is available.