Cyber Posture

CVE-2025-25015

Critical

Published: 05 March 2025

Modified: 02 October 2025
KEV Added
Patch
CVSS Score: 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0074 (72.9th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Description

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Security Summary

CVE-2025-25015 is a prototype pollution vulnerability in Kibana that enables arbitrary code execution through a crafted file upload combined with specifically crafted HTTP requests. The vulnerability affects Kibana versions 8.15.0 and later up to but not including 8.17.1, as well as versions 8.17.1 and 8.17.2. It is classified under CWE-1321 and carries a CVSS v3.1 base score of 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), indicating critical severity: network attack vector, low attack complexity, low privileges required, no user interaction, changed scope, and high impact on confidentiality, integrity, and availability.

Exploitation requires an authenticated user, and the privileges that user needs depend on the Kibana version. In versions from 8.15.0 up to but not including 8.17.1, users with the Viewer role can trigger it remotely. In versions 8.17.1 and 8.17.2, exploitation requires users with roles granting all of the following privileges: fleet-all, integrations-all, and actions:execute-advanced-connectors. Successful exploitation leads to arbitrary code execution on the Kibana server.

The Elastic Security Advisory ESA-2025-06, detailed at https://discuss.elastic.co/t/kibana-8-17-3-8-16-6-security-update-esa-2025-06/375441, addresses this issue with security updates for Kibana versions 8.17.3 and 8.16.6, recommending upgrades to these patched releases for mitigation.

Details

CWE(s)
CWE-1321

Affected Products

elastic
kibana
8.15.0 — 8.16.6 · 8.17.0 — 8.17.3

MITRE ATT&CK Enterprise Techniques

T1190: Exploit Public-Facing Application (Tactic: Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1068: Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

The prototype pollution vulnerability enables RCE on a public-facing Kibana server via a crafted file upload and crafted HTTP requests. This maps directly to T1190 (exploiting the application) and to T1068 (escalating from a low-privilege role, e.g. Viewer, to full code execution).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
