PT-2025-9821 · Elastic · Kibana

Ikakavas +1 · Published 2025-03-05 · Updated 2026-05-28 · CVE-2025-25015

CVSS v3.1: 9.9 Critical
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Kibana versions 8.15.0 through 8.17.2

Description: Prototype pollution in Kibana leads to arbitrary code execution via a crafted file upload and specifically crafted HTTP requests. In Kibana versions >= 8.15.0 and < 8.17.1, this is exploitable by users with the Viewer role. In Kibana versions 8.17.1 and 8.17.2, this is only exploitable by users that have roles that contain all of the following privileges: fleet-all, integrations-all, actions:execute-advanced-connectors. Over 198,000 exposed instances have been spotted.

Recommendations: For Kibana versions 8.15.0 through 8.17.2, update to version 8.17.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable module and limiting user privileges to minimize the risk of exploitation. Avoid using crafted file uploads and HTTP requests until the issue is resolved.

Tags: Fix · RCE · Prototype Pollution


Weakness Enumeration

Related Identifiers

BDU:2025-02369
BIT-ELK-2025-25015
BIT-KIBANA-2025-25015
CVE-2025-25015

Affected Products

Kibana