Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-25014

A Prototype pollution vulnerability in Kibana leads to arbitrary code execution via crafted HTTP requests to machine learning and reporting endpoints.

Published

2025-05-06T18:15:37.857

Last Modified

2025-10-02T16:26:53.280

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.1 (CRITICAL)

Weaknesses

Type: Secondary
CWE-1321

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	elastic	kibana	< 8.17.6	Yes
Application	elastic	kibana	8.18.0	Yes
Application	elastic	kibana	9.0.0	Yes

References

https://discuss.elastic.co/t/kibana-8-17-6-8-18-1-or-9-0-1-security-update-esa-2025-07/377868 Patch, Vendor Advisory ([email protected])