# Remote Code Execution Vulnerability in Kibana Urgently Patched by Elastic

A critical security vulnerability has been discovered in Kibana, a popular data visualization platform for Elasticsearch. This vulnerability, tracked as CVE-2025-25012, stems from a **prototype pollution** issue. It could allow hackers to execute malicious code on affected systems, posing a significant risk to organizations using Kibana for data analysis and monitoring.

# **Vulnerability Details**

* Vulnerability ID: **CVE-2025-25012**
    
* Severity Level: **Critical**
    
* CVSSv3 Score: **9.9**
    
* General Description: The **Prototype Pollution** vulnerability in Kibana can lead to arbitrary code execution through **malicious file uploads** and **specially crafted HTTP requests**.
    
* Affected Versions:
    
    * In versions **Kibana >=8.15.0 to <8.17.1**, this vulnerability can be exploited by users with the Viewer role.
        
    * In versions **Kibana 8.17.1 and 8.17.2**, only users with roles containing **all** the following permissions can exploit this vulnerability:
        
        * fleet-all
            
        * integrations-all
            
        * actions:execute-advanced-connectors
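
An added triage example (not from the original advisory or from Elastic) that applies the affected-version rules above to an inventory of Kibana instances. The inventory format, hostnames, role names and the `read` label are constructed; the three privilege labels are copied from the list above, and how real role definitions map onto them is an assumption.

```python
import re

# Privilege labels copied from the advisory's list for 8.17.1 and 8.17.2.
REQUIRED_PRIVS = frozenset({"fleet-all", "integrations-all",
                            "actions:execute-advanced-connectors"})

def parse_version(text):
    """Return (major, minor, patch); a suffix such as -SNAPSHOT is ignored."""
    m = re.match(r"^\s*v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised Kibana version: {text!r}")
    return tuple(int(part) for part in m.groups())

def exposure(version, roles):
    """Classify one instance against the advisory's affected-version rules.

    roles maps role name -> set of privilege labels (hypothetical inventory
    format). Returns (status, names of roles able to reach the flaw).
    """
    v = parse_version(version)
    if (8, 15, 0) <= v < (8, 17, 1):
        # Viewer is enough here, so conservatively treat every role as in scope.
        return "affected-any-user", sorted(roles)
    if v in ((8, 17, 1), (8, 17, 2)):
        capable = sorted(name for name, privs in roles.items()
                         if REQUIRED_PRIVS <= set(privs))  # needs all three
        status = "affected-privileged" if capable else "affected-no-capable-role"
        return status, capable
    return "not-listed", []  # outside the ranges this advisory names

# Constructed sample inventory; hosts, role names and "read" are made up.
INVENTORY = [
    {"host": "kibana-a.example", "version": "8.16.3", "roles": {"viewer": {"read"}}},
    {"host": "kibana-b.example", "version": "8.17.2",
     "roles": {"viewer": {"read"}, "fleet_admin": set(REQUIRED_PRIVS)}},
    {"host": "kibana-c.example", "version": "8.17.1",
     "roles": {"ops": {"fleet-all", "integrations-all"}}},
    {"host": "kibana-d.example", "version": "8.14.3", "roles": {"viewer": {"read"}}},
]

def triage(inventory):
    """Map each host to its (status, capable roles) result."""
    return {item["host"]: exposure(item["version"], item["roles"]) for item in inventory}

if __name__ == "__main__":
    for host, (status, roles) in triage(INVENTORY).items():
        print(f"{host:18} {status:26} {', '.join(roles) or '-'}")
```

An `affected-no-capable-role` result still means the instance runs a listed version and should be upgraded; it only says no current role combines all three privileges.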
            

# **Impact**

Kibana is a crucial tool for many organizations, especially in the fields of **real-time information monitoring, security analysis, and business intelligence (BI)**. This makes the vulnerability a **prime target for hackers**, as it can be exploited to execute malicious code on the system.

The threat is more severe because **low-privilege accounts can also be used** as an initial entry point. Even an account with only data-viewing permissions in Kibana can inadvertently become a **backdoor** for hackers. If the system is compromised, consequences may include **data leaks, system control takeover, or complete operational disruption**. This not only affects the business directly but also paves the way for subsequent attacks.

# **Recommendations**

**FPT Threat Intelligence** recommends organizations and individuals take several measures to prevent this vulnerability:

* **System Update:** Quickly upgrade Kibana to the latest version to address the security vulnerability.
    
* **Access Management:** Review and restrict user access, granting permissions only when necessary.
    
* **Activity Monitoring:** Monitor network traffic and system logs to detect early signs of vulnerability exploitation.
    
* **Security Awareness:** Train employees about the risks from the vulnerability and potential attack methods.
    
* **Enhanced Defense:** Implement protective measures such as firewalls, IDS/IPS, and conduct regular security checks.
    

