vulnerability
Elastic Kibana: CVE-2025-25009: Improper Neutralization of Input During Web Page Generation
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:M/Au:S/C:C/I:C/A:N) | Oct 7, 2025 | Oct 8, 2025 | Oct 31, 2025 |
Severity
8
CVSS
(AV:N/AC:M/Au:S/C:C/I:C/A:N)
Published
Oct 7, 2025
Added
Oct 8, 2025
Modified
Oct 31, 2025
Description
Improper Neutralization of Input During Web Page Generation in Kibana can lead to Stored XSS via case file upload.
Solution
elastic-kibana-upgrade-latest
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.