The Hacker News

Elastic has rolled out security updates to address a critical security flaw impacting the Kibana data visualization dashboard software for Elasticsearch that could result in arbitrary code execution.

The vulnerability, tracked as CVE-2025-25012, carries a CVSS score of 9.9 out of a maximum of 10.0. It has been described as a case of prototype pollution.

"Prototype pollution in Kibana leads to arbitrary code execution via a crafted file upload and specifically crafted HTTP requests," the company said in an advisory released Wednesday.

Prototype pollution vulnerability is a security flaw that allows attackers to manipulate an application's JavaScript objects and properties, potentially leading to unauthorized data access, privilege escalation, denial-of-service, or remote code execution.

The vulnerability affects all versions of Kibana between 8.15.0 and 8.17.3. It has been addressed in version 8.17.3.

Elastic’s Advisory
Replies: 1 comment
Yes, we have already rolled Elastic 8.17.3 into the upcoming Security Onion 2.4.130 and are testing it now:
#14356