Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-25009

Improper Neutralization of Input During Web Page Generation in Kibana can lead to Stored XSS via case file upload.

Published

2025-10-07T14:15:36.340

Last Modified

2025-10-30T14:47:00.960

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.7 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-79
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application elastic kibana < 8.18.8 Yes
Application elastic kibana < 8.19.5 Yes
Application elastic kibana < 9.0.8 Yes
Application elastic kibana < 9.1.5 Yes
References