PT-2025-52371 · Elastic+1 · Kibana+1

Ismisepaul +1 · Published 2025-12-18 · Updated 2026-02-24

CVE-2025-68386

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Kibana (affected versions not specified)

Description

An improper authorization issue exists in Kibana that can lead to privilege escalation. An authenticated user can modify a document's sharing type to "global" without the necessary permissions, making the document visible to all users within the Kibana space. This is achievable through a crafted HTTP request. The issue involves manipulating document sharing settings.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

Incorrect Authorization

Weakness Enumeration

Related Identifiers

BDU:2026-00011
BIT-ELK-2025-68386
BIT-KIBANA-2025-68386
CVE-2025-68386

Affected Products

Kibana
Red Os