CVE-2025-25016

Summary

Unrestricted file upload in Kibana allows an authenticated attacker to compromise software integrity by uploading a crafted malicious file due to insufficient server-side validation.

Affected Software

VendorProductVersion RangeStatus
ElasticKibana7.17.0 < 7.17.18affected
ElasticKibana8.0.0 < 8.13.0affected

Weaknesses

  • CWE-434: CWE-434 Unrestricted Upload of File with Dangerous Type

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References