CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-25015

Prototype pollution in Kibana leads to arbitrary code execution via a crafted file upload and specifically crafted HTTP requests. In Kibana versions >= 8.15.0 and < 8.17.1, this is exploitable by users with the Viewer role. In Kibana versions 8.17.1 and 8.17.2 , this is only exploitable by users that have roles that contain all the following privileges: fleet-all, integrations-all, actions:execute-advanced-connectors

Exploit prediction scoring system (EPSS) score

EPSS Score 0.008

EPSS Ranking 72.7%

CVSS Severity

CVSS v3 Score 9.9

References

https://discuss.elastic.co/t/kibana-8-17-3-8-16-6-security-update-esa-2025-06/375441

Products affected by CVE-2025-25015

Elastic » Kibana » Version: 8.15.0

cpe:2.3:a:elastic:kibana:8.15.0
Elastic » Kibana » Version: 8.15.1

cpe:2.3:a:elastic:kibana:8.15.1
Elastic » Kibana » Version: 8.15.2

cpe:2.3:a:elastic:kibana:8.15.2
Elastic » Kibana » Version: 8.15.3

cpe:2.3:a:elastic:kibana:8.15.3
Elastic » Kibana » Version: 8.15.4

cpe:2.3:a:elastic:kibana:8.15.4
Elastic » Kibana » Version: 8.15.5

cpe:2.3:a:elastic:kibana:8.15.5
Elastic » Kibana » Version: 8.16.0

cpe:2.3:a:elastic:kibana:8.16.0
Elastic » Kibana » Version: 8.16.1

cpe:2.3:a:elastic:kibana:8.16.1
Elastic » Kibana » Version: 8.16.2

cpe:2.3:a:elastic:kibana:8.16.2
Elastic » Kibana » Version: 8.16.3

cpe:2.3:a:elastic:kibana:8.16.3
Elastic » Kibana » Version: 8.16.4

cpe:2.3:a:elastic:kibana:8.16.4
Elastic » Kibana » Version: 8.16.5

cpe:2.3:a:elastic:kibana:8.16.5
Elastic » Kibana » Version: 8.17.0

cpe:2.3:a:elastic:kibana:8.17.0
Elastic » Kibana » Version: 8.17.1

cpe:2.3:a:elastic:kibana:8.17.1
Elastic » Kibana » Version: 8.17.2

cpe:2.3:a:elastic:kibana:8.17.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-25015

Products

Pricing

Contact Us