CVE-2025-25012
AI description
CVE-2025-25015 is a critical vulnerability in Elastic Kibana, a popular data visualization and exploration platform for Elasticsearch. It allows attackers to execute arbitrary code on affected systems. The vulnerability arises from a prototype pollution issue, which enables manipulation of JavaScript object properties. Exploitation involves uploading a specially crafted file and sending malicious HTTP requests. Versions 8.15.0 through 8.17.2 of Kibana are vulnerable. Exploitation in versions 8.15.0 to 8.17.0 requires only 'Viewer' role privileges. Versions 8.17.1 and 8.17.2 require broader privileges, including 'fleet-all', 'integrations-all', and 'actions:execute-advanced-connectors'. The vulnerability is addressed in Kibana version 8.17.3. As a temporary mitigation, if upgrading is not immediately feasible, users can disable the Integration Assistant feature flag in the Kibana configuration file (`kibana.yml`). This vulnerability was initially designated as CVE-2025-25012 but was later corrected to CVE-2025-25015.
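Official fix for the Elastic Kibana prototype pollution arbitrary code execution vulnerability (CVE-2025-25012). The vulnerability stems from a prototype pollution issue in Kibana; an attacker can bypass the validation mechanism through a carefully crafted file upload and specific HTTP requests, and can use it to execute arbitrary code on affected systems, leading to serious consequences such as data leakage and complete system takeover. https://t.co/MjagiBvDfC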
@chenze654321
20 Mar 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Urgent security alert for all organizations using Kibana: A critical vulnerability (CVE-2025-25012) has been discovered, allowing remote code execution with a CVSS score of 9.9.
@fynn_JourX
14 Mar 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
#VulnAlert 🚨 CVE-2025-25012 (CVSS 9.9) Critical code execution vulnerability patched in Elastic Kibana. 👇 Dorks: HUNTER: https://t.co/hGGK7zQHHF="Elastic Kibana" FOFA: product="Kibana" 📰 More info: https://t.co/8yKQH6Wv98 #Kibana #infosec
@Cyph3R_CyberSec
12 Mar 2025
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Serious vulnerability in Kibana (CVE-2025-25012): a critical "Prototype pollution" issue has been detected that allows users with the "Viewer" role to execute commands through malicious HTTP requests. It affects versions 8.15.0 - 8.17.0. Update to 8.17.1 to… ht
@pipobarraca
10 Mar 2025
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
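⚠️ Urgent security alert ⚠️ Elastic has released a patch for a critical Kibana vulnerability (CVE-2025-25012), with a CVSS score as high as 9.9! This prototype pollution vulnerability can lead to unauthorized data access, privilege escalation and even remote code execution. Affected versions: 8.15.0 to 8.17.3. Has your Kibana been updated? Please share your response measures! #网络安全 #数据保护 https://t.co/s4lajOilj3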
@affadvisor
9 Mar 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Announcement of important security updates from Elastic to address a serious vulnerability in Kibana for Elasticsearch data! CVE-2025-25012. The vulnerability allows code execution. The vulnerability affects versions 8.15.0-8.17.3. Immediate updating is recommended. For more: https://t.co/3ZQQQBDfeg #الأمن_السيبراني #Elastic
@CYBRAT_NET
8 Mar 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Elastic Rolls Out Critical Updates to Fix Major Kibana Flaw (#CVE-2025-25012) https://t.co/Z72gCJMLyL
@UndercodeUpdate
8 Mar 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Threat Alert: Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Co CVE-2025-25012 Severity: ⚠️ Critical Maturity: 🧨 Trending Learn more: https://t.co/lO656hfPHX #CyberSecurity #ThreatIntel #InfoSec
@fletch_ai
7 Mar 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 CVE-2025-25015 Kibana Prototype Pollution vulnerability requires authentication with the following privileges: fleet-all, integrations-all, and actions:execute-advanced-connectors 📌 CVE-2025-25012: A typo of CVE-2025-25015 Details are here: https://t.co/E5ginMj2FQ
@vulmoncom
7 Mar 2025
52 Impressions
1 Retweet
0 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-25012 impacts Kibana #CVE-2025-25012 #Kibana https://t.co/B4qjM0HH1A
@pravin_karthik
7 Mar 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Elastic has fixed a critical vulnerability (CVE-2025-25012) in "Kibana". This vulnerability is rated with a CVSS score of 9.9, and those affected are advised to update. #セキュリティ対策Lab #セキュリティ #Security https://t.co/6QmElCc4Sa
@securityLab_jp
7 Mar 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical alert in Kibana! Elastic patches the vulnerability **CVE-2025-25012** (CVSS 9.9/10) that allows remote code execution. 📉 Affects versions 8.15.0-8.17.2. Update NOW! 🔥 #CyberSecurity #Kibana #Elastic - https://t.co/zrWBMxHImL https://t.co/fFYKfyiHlS
@C1B3R53CUR1TY
6 Mar 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
#Kibana Security Flaw (CVE-2025-25012): #Elastic Issues Critical Update #cybersecurity #news #latest #trending #viral https://t.co/CuZfrrARdF
@cyashadotcom
6 Mar 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Elastic has released an urgent fix for a critical Kibana vulnerability (CVE-2025-25012) enabling remote code execution. Affected versions: 8.15.0 to 8.17.3. Update to 8.17.3 or disable features. #Kibana #Elastic #USA link: https://t.co/pYwydqCBQX https://t.co/rXznTvZ6kA
@TweetThreatNews
6 Mar 2025
16 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Vulnerability Alert: Critical Code Execution Vulnerability in Elastic Kibana 📅 Timeline: Disclosure: 2025-03-05, Patch: 2025-03-05 🆔cveId: CVE-2025-25012 📊baseScore: 9.9 📏cvssMetrics: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H cvssSeverity: Critical 🔴 🛠️exploitMaturity: No
@syedaquib77
6 Mar 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️⚠️ CVE-2025-25012 (CVSS 9.9): Critical Code Execution Vulnerability Patched in Elastic Kibana 🎯232k+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link: https://t.co/TDcT06CYfs FOFA Query:app="Kibana" 🔖Refer:https://t.co/rO6Tl1U3xE #OSINT #FOFA… ht
@fofabot
6 Mar 2025
864 Impressions
3 Retweets
6 Likes
5 Bookmarks
0 Replies
0 Quotes
Elastic has rolled out critical updates to fix a major flaw in Kibana (CVE-2025-25012), a prototype pollution vulnerability with a CVSS score of 9.9. This issue affects Kibana versions 8.15.0 to 8.17.3, risking remote code execution. Get details here: https://t.co/JIkGgYIcAL
@TheHackersNews
6 Mar 2025
12756 Impressions
48 Retweets
105 Likes
23 Bookmarks
2 Replies
0 Quotes
🚨 A critical vulnerability (CVE-2025-25012) in Elastic Kibana allows arbitrary code execution. Users must upgrade to 8.17.3 to secure systems from potential attacks. #ElasticKibana #InfoSec #USA link: https://t.co/1RPbGDys72 https://t.co/yBhtZg9BAJ
@TweetThreatNews
6 Mar 2025
72 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-25012 (CVSS 9.9): Critical Code Execution Vulnerability Patched in Elastic Kibana https://t.co/EUFLeugLAg https://t.co/9JdlRWeine
@freedomhack101
6 Mar 2025
49 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨 CVE-2025-25012 (CVSS 9.9): Critical Code Execution Vulnerability Patched in Elastic Kibana 📊 379.9K+ Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/Xdrn76seDZ 👇Query HUNTER : https://t.co/q9rtuGgxk7="Elastic Kibana" FOFA :… https:
@HunterMapping
6 Mar 2025
3436 Impressions
19 Retweets
37 Likes
16 Bookmarks
0 Replies
0 Quotes
🚨CVE Alert: Critical Elastic Kibana Remote Arbitrary Code Execution Vulnerability🚨 Vulnerability Details: CVE-2025-25012 (CVSS v3 9.9/10) Elastic Kibana Remote Arbitrary Code Execution Vulnerability Impact A Successful exploit could allow attackers to execute arbitrary code…
@CyberxtronTech
6 Mar 2025
89 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-25012 (CVSS 9.9): Critical Code Execution Vulnerability Patched in Elastic Kibana https://t.co/b5p2H0JvgB
@Dinosn
6 Mar 2025
2965 Impressions
14 Retweets
46 Likes
10 Bookmarks
0 Replies
0 Quotes
CVE-2025-25012 (CVSS 9.9): Critical Code Execution Vulnerability Patched in Elastic Kibana Learn about CVE-2025-25012: a serious vulnerability in Kibana that poses risks of arbitrary code execution on systems. https://t.co/WeGF8FI3KH
@the_yellow_fall
6 Mar 2025
2515 Impressions
3 Retweets
35 Likes
15 Bookmarks
0 Replies
0 Quotes