CVE-2025-25017 — Cross-site Scripting in Kibana

Severity

6.1MEDIUMNVD

CNA8.2

EPSS

0.0%

top 93.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedOct 10

Description

Improper Neutralization of Input During Web Page Generation in Kibana can lead to Cross-Site Scripting (XSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

▶NVDelastic/kibana7.0.0 — 8.18.8+3

▶CVEListV5elastic/kibana7.0.0 — 7.17.29+4

GHSA

GHSA-866g-x98c-rprc: Improper Neutralization of Input During Web Page Generation in Kibana can lead to Cross-Site Scripting (XSS)↗2025-10-10

▶

CVEList

Kibana Stored Cross-Site Scripting (XSS)↗2025-10-10

▶

Red Hat

Kibana: Kibana Stored Cross-Site Scripting (XSS)↗2025-10-10

▶