Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-37734

Origin Validation Error in Kibana can lead to Server-Side Request Forgery via a forged Origin HTTP header processed by the Observability AI Assistant.

Published

2025-11-12T10:15:43.487

Last Modified

2025-12-11T21:09:00.333

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-346

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	elastic	kibana	< 8.19.7	Yes
Application	elastic	kibana	< 9.1.7	Yes
Application	elastic	kibana	9.2.0	Yes

References

https://discuss.elastic.co/t/kibana-8-19-7-9-1-7-and-9-2-1-security-update-esa-2025-24/383381 Vendor Advisory ([email protected])