cbcvebase.
CVE-2025-25012
published 2025-06-25

CVE-2025-25012: URL redirection to an untrusted site ('Open Redirect') in Kibana can lead to sending a user to an arbitrary site and server-side request forgery via a…

PriorityP426medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
EPSS
0.39%
30.8th percentile
URL redirection to an untrusted site ('Open Redirect') in Kibana can lead to sending a user to an arbitrary site and server-side request forgery via a specially crafted URL.

Affected

20 ranges
VendorProductVersion rangeFixed in
elastickibana>= 7.0.0 < 7.17.297.17.29
elastickibana7.0.0 – 7.17.28
elastickibana>= 8.0.0 < 8.17.88.17.8
elastickibana8.0.0 – 8.17.7
elastickibana>= 8.18.0 < 8.18.38.18.3
elastickibana8.18.0 – 8.18.2
elastickibana>= 9.0.0 < 9.0.39.0.3
elastickibana9.0.0 – 9.0.2
msrcazl3_hyperv-daemons_6.6.14.1-1_on_azure_linux_3.0
msrcazl3_hyperv-daemons_6.6.92.2-1_on_azure_linux_3.0
msrcazure_linux_3.0_arm
msrcazure_linux_3.0_x64
msrccbl2_hyperv-daemons_5.15.118.1-1_on_cbl_mariner_2.0
msrccbl2_kernel_5.15.107.1-2_on_cbl_mariner_2.0
msrccbl_mariner_1.0_arm
msrccbl_mariner_1.0_x64
msrccbl_mariner_2.0_arm
msrccbl_mariner_2.0_x64
msrccm1_kernel_5.10.177.1-1_on_cbl_mariner_1.0
msrccm1_libwebp_1.0.3-1_on_cbl_mariner_1.0

CVSS provenance

nvdv3.15.4MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
vendor_msrc9.1CRITICAL
vendor_redhat4.3MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.