CVE-2025-25009 — Cross-site Scripting in Kibana

Severity

5.4MEDIUMNVD

CNA8.7

EPSS

0.0%

top 95.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedOct 7

Description

Improper Neutralization of Input During Web Page Generation in Kibana can lead to Stored XSS via case file upload.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

▶NVDelastic/kibana7.0.0 — 8.18.8+3

▶CVEListV5elastic/kibana7.0.0 — 7.17.29+4

CVEList

Kibana Cross-Site Scripting (XSS)↗2025-10-07

▶

GHSA

GHSA-q2gp-8vqw-v8h2: Improper Neutralization of Input During Web Page Generation in Kibana can lead to Stored XSS via case file upload↗2025-10-07

▶

Red Hat

kibana: Kibana Cross-Site Scripting (XSS)↗2025-10-07

▶

Microsoft

A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16().↗2021-05-11

▶