Critical Vulnerability in Elastic Kibana
7 March 2025
Elastic has released security updates addressing a critical vulnerability affecting their Kibana software. Users and administrators of affected products are advised to update to the latest versions immediately.
Elastic has released security updates addressing a critical vulnerability (CVE-2025-25015) affecting their Kibana software. The vulnerability has a Common Vulnerability Scoring System (CVSSv3.1) score of 9.9 out of 10.
Successful exploitation of the prototype pollution vulnerability in Kibana could allow an attacker to manipulate an application's JavaScript objects and properties, potentially leading to unauthorised data access, privilege escalation, denial-of-service, or remote code execution.
The vulnerability affects all versions of Kibana before version 8.17.3.
Users and administrators of the affected products are advised to update to the latest version immediately. If immediate patching is not an option, users are advised to set the Integration Assistant feature flag to false ("xpack.integration_assistant.enabled: false") in Kibana's configuration file ("kibana.yml").
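The check below applies the advisory's two conditions (a version before 8.17.3, and the Integration Assistant flag not set to false) to a host's Kibana version string and the text of its kibana.yml. It is an added example, not code from Elastic or from this advisory; the function names, the status labels and the sample configurations are constructed for illustration, and the parser only covers the plain dotted or nested key/value form of the file.

```python
import re

FIXED = (8, 17, 3)  # first fixed release named in the advisory
FLAG = "xpack.integration_assistant.enabled"  # setting named in the advisory

def flatten_settings(yml_text):
    """Flatten kibana.yml mappings (dotted or nested keys) into dotted keys.
    Minimal parser for this check only: no lists, anchors or multi-line values."""
    settings, parents = {}, []  # parents: (indent, key) of open nested blocks
    for raw in yml_text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).rstrip()  # drop comments
        m = re.match(r"^(\s*)([^:\s][^:]*?):\s*(.*)$", line)
        if not m:
            continue
        indent, key, value = len(m.group(1)), m.group(2).strip(), m.group(3).strip()
        while parents and parents[-1][0] >= indent:
            parents.pop()  # left one or more nested blocks
        if value == "":
            parents.append((indent, key))  # opens a nested block
        else:
            dotted = ".".join([k for _, k in parents] + [key])
            settings[dotted] = value.strip("\"'")
    return settings

def parse_version(version):
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised Kibana version: {version!r}")
    return tuple(int(part) for part in m.groups())  # numeric, so 8.9.0 < 8.17.3

def assess(version, yml_text):
    """Return 'patched', 'mitigated' or 'exposed' per the advisory's conditions."""
    if parse_version(version) >= FIXED:
        return "patched"
    flag = flatten_settings(yml_text).get(FLAG, "").lower()
    return "mitigated" if flag == "false" else "exposed"

# Constructed sample configurations, not taken from any real host.
NESTED = "xpack:\n  integration_assistant:\n    enabled: false  # interim\n"
COMMENTED = "server.port: 5601\n# xpack.integration_assistant.enabled: false\n"

if __name__ == "__main__":
    for version, cfg in [("8.17.3", ""), ("8.9.0", NESTED), ("8.17.2", COMMENTED)]:
        print(version, assess(version, cfg))
```

A result of "mitigated" means only that the interim setting is in place; the advisory still calls for updating to a fixed version.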
More information is available here:
https://discuss.elastic.co/t/kibana-8-17-3-security-update-esa-2025-06/375441
https://thehackernews.com/2025/03/elastic-releases-urgent-fix-for.html