Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-25017

Improper Neutralization of Input During Web Page Generation in Kibana can lead to Cross-Site Scripting (XSS)

Published

2025-10-10T10:15:32.900

Last Modified

2025-10-30T14:29:18.997

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.2 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-79
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application elastic kibana < 8.18.8 Yes
Application elastic kibana < 8.19.4 Yes
Application elastic kibana < 9.0.7 Yes
Application elastic kibana < 9.1.4 Yes
References