PT-2025-40995 · Elastic · Kibana

Published 2025-10-06 · Updated 2025-10-30 · CVE-2025-25009

CVSS v3.1: 8.7 (High)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Kibana versions 8.18.8 through 8.19.5
Kibana versions 9.0.8 through 9.1.5

Description

The software contains an issue related to the improper neutralization of input during web page generation. This can lead to Stored Cross-Site Scripting (XSS) when a case file is uploaded. An attacker can inject scripts through the uploaded file, resulting in persistent XSS. The vulnerability stems from insufficient input handling.

Recommendations

Upgrade to Kibana version 8.18.8.
Upgrade to Kibana version 8.19.5.
Upgrade to Kibana version 9.0.8.
Upgrade to Kibana version 9.1.5.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2025-12640
BIT-ELK-2025-25009
BIT-KIBANA-2025-25009
CVE-2025-25009

Affected Products

Kibana