{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2025-007.pdf"
    },
    "title": "Critical Vulnerability in Kibana",
    "serial_number": "2025-007",
    "publish_date": "06-03-2025 16:30:06",
    "description": "On 5 March 2025, Elastic released a security update addressing a critical vulnerability in Kibana, identified as CVE-2025-25012 with a CVSS score of 9.9.<br>\nThis flaw could allow an attacker to execute arbitrary code on the server. It is strongly recommended to update vulnerable Kibana instances.<br>\n",
    "url_title": "2025-007",
    "content_markdown": "---\ntitle: 'Critical Vulnerability in Kibana'\nnumber: '2025-007'\nversion: '1.0'\noriginal_date: '2025-03-05'\ndate: '2025-03-06'\n---\n\n_History:_\n\n* _06/03/2025 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn 5 March 2025, Elastic released a security update addressing a critical vulnerability in Kibana, identified as **CVE-2025-25012** with a CVSS score of 9.9 [1].\n\nThis flaw could allow an attacker to execute arbitrary code on the server. It is strongly recommended to update vulnerable Kibana instances.\n\n# Technical Details\n\nThe vulnerability **CVE-2025-25012** arises from prototype pollution in Kibana, leading to arbitrary code execution via a crafted file upload and a specially crafted HTTP request [1].\n\n# Products Affected\n\nIn Kibana versions >= 8.15.0 and < 8.17.1, the vulnerability is exploitable by users with the Viewer role, i.e. the built-in read-only role. In Kibana versions 8.17.1 and 8.17.2, it is only exploitable by users whose roles contain all of the following privileges: `fleet-all`, `integrations-all`, `actions:execute-advanced-connectors` [1].\n\n# Recommendations\n\nCERT-EU recommends updating to Kibana version 8.17.3 or later as soon as possible.\n\n# Mitigations\n\nFor users who cannot upgrade immediately, Elastic advises setting the `xpack.integration_assistant.enabled` configuration option to `false` in Kibana's configuration file (`kibana.yml`) [1]. Kibana must be restarted for the change to take effect.\n\n# References\n\n[1] <https://discuss.elastic.co/t/kibana-8-17-3-security-update-esa-2025-06/375441>\n\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>06/03/2025 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On 5 March 2025, Elastic released a security update addressing a critical vulnerability in Kibana, identified as <strong>CVE-2025-25012</strong> with a CVSS score of 9.9 [1].</p><p>This flaw could allow an attacker to execute arbitrary code on the server. It is strongly recommended to update vulnerable Kibana instances.</p><h2 id=\"technical-details\">Technical Details</h2><p>The vulnerability <strong>CVE-2025-25012</strong> arises from prototype pollution in Kibana, leading to arbitrary code execution via a crafted file upload and a specially crafted HTTP request [1].</p><h2 id=\"products-affected\">Products Affected</h2><p>In Kibana versions &gt;= 8.15.0 and &lt; 8.17.1, the vulnerability is exploitable by users with the Viewer role, i.e. the built-in read-only role. In Kibana versions 8.17.1 and 8.17.2, it is only exploitable by users whose roles contain all of the following privileges: <code>fleet-all</code>, <code>integrations-all</code>, <code>actions:execute-advanced-connectors</code> [1].</p><h2 id=\"recommendations\">Recommendations</h2><p>CERT-EU recommends updating to Kibana version 8.17.3 or later as soon as possible.</p><h2 id=\"mitigations\">Mitigations</h2><p>For users who cannot upgrade immediately, Elastic advises setting the <code>xpack.integration_assistant.enabled</code> configuration option to <code>false</code> in Kibana's configuration file (<code>kibana.yml</code>) [1]. Kibana must be restarted for the change to take effect.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://discuss.elastic.co/t/kibana-8-17-3-security-update-esa-2025-06/375441\">https://discuss.elastic.co/t/kibana-8-17-3-security-update-esa-2025-06/375441</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}