CVE-2025-25014

Summary

A Prototype pollution vulnerability in Kibana leads to arbitrary code execution via crafted HTTP requests to machine learning and reporting endpoints.

Affected Software

VendorProductVersion RangeStatus
ElasticKibana8.3.0 < 8.17.6affected
ElasticKibana8.18.0 < 8.18.1affected
ElasticKibana9.0.0 < 9.0.1affected

Weaknesses

  • CWE-1321: CWE-1321

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References