Security News > 2025 > March > Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution

2025-03-06 12:33
Elastic has rolled out security updates to address a critical security flaw impacting the Kibana data visualization dashboard software for Elasticsearch that could result in arbitrary code execution. The vulnerability, tracked as CVE-2025-25012, carries a CVSS score of 9.9 out of a maximum of 10.0. It has been described as a case of prototype pollution. "Prototype pollution in Kibana leads to
News URL
https://thehackernews.com/2025/03/elastic-releases-urgent-fix-for.html
Related news
- New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking (source)
- New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution (source)
- Critical flaws in Mongoose library expose MongoDB to data thieves, code execution (source)
- Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches (source)
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- IBM scores perfect 10 ... vulnerability in mission-critical OS AIX (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- WordPress security plugin WP Ghost vulnerable to remote code execution bug (source)
- Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist (source)
- Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks (source)