Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-25018

Improper Neutralization of Input During Web Page Generation in Kibana can lead to stored Cross-Site Scripting (XSS)

2025-10-10T10:15:33.743

2025-10-30T14:25:55.827

Analyzed

CVSSv3.1: 8.7 (HIGH)

Type	Vendor	Product	Version/Range	Vulnerable?
Application	elastic	kibana	< 8.18.8	Yes
Application	elastic	kibana	< 8.19.5	Yes
Application	elastic	kibana	< 9.0.8	Yes
Application	elastic	kibana	< 9.1.5	Yes