
Software giant Elastic rolled out security updates, warning users of a critical vulnerability in Kibana’s data visualization dashboard.
The company claims the bug, tracked as CVE-2025-25015, is a prototype pollution flaw, a type of bug that enables attackers to meddle with JavaScript objects and properties. In Kibana’s case, the bug manifests when an attacker uploads a crafted file.
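How a crafted file can turn into prototype pollution in general, shown as an added example that is not Kibana's code and does not reproduce CVE-2025-25015: a naive recursive merge beside a hardened one. The file contents, `naiveMerge`, `safeMerge`, `demo` and the `isAdmin` property are constructed for illustration.

```javascript
// Constructed sample: the text of an "uploaded" JSON file. JSON.parse keeps
// "__proto__" as an ordinary own property, so the key survives parsing.
const UPLOADED_FILE = '{"title":"dash","__proto__":{"isAdmin":true}}';

const isObject = (v) => v !== null && typeof v === 'object';

// Vulnerable pattern: a recursive merge that follows every key it is given.
function naiveMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (isObject(source[key]) && isObject(target[key])) {
      // For key "__proto__", target[key] is Object.prototype itself.
      naiveMerge(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Hardened pattern: refuse keys that lead to the prototype chain and only
// recurse into properties the target owns.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const owns = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    if (isObject(value) && !Array.isArray(value)) {
      const base = owns(target, key) && isObject(target[key]) ? target[key] : {};
      target[key] = safeMerge(base, value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Merge the parsed file into fresh settings, then check whether an unrelated
// object created afterwards has inherited the injected property.
function demo(mergeFn) {
  const settings = mergeFn({}, JSON.parse(UPLOADED_FILE));
  const polluted = ({}).isAdmin === true;
  delete Object.prototype.isAdmin; // clean up so each run is independent
  return { title: settings.title, polluted };
}

console.log('naive:', demo(naiveMerge), 'hardened:', demo(safeMerge));
```

The naive merge leaves every object in the process with an inherited `isAdmin`, while the hardened merge keeps the legitimate `title` field and drops the dangerous key.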
If exploited, the bug could lead to remote code execution (RCE) attacks, meaning that threat actors could run their own code on an impacted instance. RCE attacks are among the most dangerous, as they enable malicious actors to take over an impacted instance or move laterally within the target system.
The vulnerability was given a CVSS rating of 9.9 out of 10, which places it in the critical severity range.
According to the company, Kibana versions 8.15.0 through 8.17.2 are affected by the flaw. In versions 8.15.0 through 8.17.1, users with the Viewer role can exploit the bug, while in later versions exploitation is limited to users with certain privileges.
To mitigate the issue, users should upgrade to Kibana version 8.17.3.
Kibana is among the larger data visualization solutions worldwide, with around 2% of the global market.