Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution
Mar 06, 2025
Data Security / Software Security
Elastic has rolled out security updates to address a critical security flaw impacting the Kibana data visualization dashboard software for Elasticsearch that could result in arbitrary code execution. The vulnerability, tracked as CVE-2025-25015 , carries a CVSS score of 9.9 out of a maximum of 10.0. It has been described as a case of prototype pollution. "Prototype pollution in Kibana leads to arbitrary code execution via a crafted file upload and specifically crafted HTTP requests," the company said in an advisory released Wednesday. Prototype pollution vulnerability is a security flaw that allows attackers to manipulate an application's JavaScript objects and properties, potentially leading to unauthorized data access, privilege escalation, denial-of-service, or remote code execution. The vulnerability affects all versions of Kibana between 8.15.0 and 8.17.3. It has been addressed in version 8.17.3. That said, in Kibana versions from 8.15.0 and prior to 8.17....
![Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking[.]com Emails](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhM5jI8FVP1tzJaKIu8nlTdOmjGyA2IQAKVRihrTXOM7K3WCMjugET571ivv6PB_-jdsJPrBN7f34R9uF-8JohBpF8ZSey7ZTRmgdpQ8OZ9JwvpBAJujhuOH6zCidExabNOyw2uD7cCscTHAJtzEGLI4KHjHcUbvAunnpfIlm8HjBZVkXPBCCIguGoOfKCB/w72-h72-p-k-no-nu/storm.png "Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking[.]com Emails")
