CVE-2025-68385 — Cross-site Scripting in Kibana

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

6.1MEDIUMNVD

CNA7.2

EPSS

0.0%

top 87.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Elastic Kibana

Timeline

PublishedDec 18

Latest updateDec 19

Description

Improper neutralization of input during web page generation ('Cross-site Scripting') (CWE-79) allows an authenticated user to embed a malicious script in content that will be served to web browsers causing cross-site scripting (XSS) (CAPEC-63) via a method in Vega bypassing a previous Vega XSS mitigation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDelastic/kibana8.0.0 — 8.19.9+3

▶CVEListV5elastic/kibana7.0.0 — 7.17.29+3

🔴Vulnerability Details

GHSA

GHSA-x89f-99hf-gmr7: Improper neutralization of input during web page generation ('Cross-site Scripting') (CWE-79) allows an authenticated user to embed a malicious script↗2025-12-19

▶

CVEList

Kibana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')↗2025-12-18

▶

📋Vendor Advisories

Red Hat

Kibana: Kibana: Cross-site Scripting (XSS) vulnerability allows authenticated users to embed malicious scripts↗2025-12-18

▶

🕵️Threat Intelligence

Wiz

CVE-2025-68385 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶