CVE-2025-25016Unrestricted File Upload in Kibana

CWE-434Unrestricted File Upload3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 59.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Elastic Kibana
Timeline
PublishedMay 1

Description

Unrestricted file upload in Kibana allows an authenticated attacker to compromise software integrity by uploading a crafted malicious file due to insufficient server-side validation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5elastic/kibana7.17.07.17.18+1
NVDelastic/kibana7.17.07.17.19+1

Patches

Patch: discuss.elastic.co

🔴Vulnerability Details

2
GHSA
GHSA-x496-m67p-rgph: Unrestricted file upload in Kibana allows an authenticated attacker to compromise software integrity by uploading a crafted malicious file due to insu2025-05-01
CVEList
Kibana Unrestricted Upload of File2025-05-01
CVE-2025-25016 — Unrestricted File Upload in Elastic | cvebase