Critical Kibana Vulnerability Let Attackers Execute Arbitrary Code

Posted: Fri Mar 07, 2025 5:08 pm
by Shane1145
Elastic has issued an urgent security advisory for a critical vulnerability in Kibana, tracked as CVE-2025-25012, that allows authenticated attackers to execute arbitrary code on affected systems.

The flaw, rated 9.9 on the CVSS v3.1 scale, stems from a prototype pollution issue in Kibana’s file upload handler and HTTP request processing. Exploitation could lead to full system compromise, data exfiltration, or service disruption.


https://cybersecuritynews.com/kibana-vu ... rary-code/