CVE-2025-68389
Published 2025-12-18
CVE-2025-68389: Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana can allow a low-privileged authenticated user to cause Excessive Allocation…
Priority: P433 · medium · 6.5 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.27% (18.6th percentile)
Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana can allow a low-privileged authenticated user to cause Excessive Allocation (CAPEC-130) of computing resources and a denial of service (DoS) of the Kibana process via a crafted HTTP request.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| elastic | kibana | 7.0.0 – 7.17.29 | — |
| elastic | kibana | >= 8.0.0 < 8.19.9 | 8.19.9 |
| elastic | kibana | 8.0.0 – 8.19.8 | — |
| elastic | kibana | >= 9.0.0 < 9.1.9 | 9.1.9 |
| elastic | kibana | 9.0.0 – 9.1.8 | — |
| elastic | kibana | >= 9.2.0 < 9.2.3 | 9.2.3 |
| elastic | kibana | 9.2.0 – 9.2.2 | — |
CVSS provenance
nvd · v3.1 · 6.5 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vendor_redhat · 6.5 MEDIUM
Red Hat
Kibana: Kibana: Denial of Service via excessive resource allocation from crafted HTTP requests
vendor_redhat·2025-12-18·CVSS 6.5
A flaw was found in Kibana. A low-privileged authenticated user can exploit this vulnerability by sending a specially crafted HTTP request, leading to an excessive allocation of computing resources. This can result in a denial of service (DoS) for the Kibana process, making the service unavailable to legitimate users.
Statement: This vulnerability is rated Important for Red Hat. A low-privileged authenticated user can exploit a flaw i
GHSA
GHSA-pqm3-5mc5-3xcm: Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana can allow a low-privileged authenticated user to cause Excessive Allocation (
ghsa_unreviewed·2025-12-19
Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana can allow a low-privileged authenticated user to cause Excessive Allocation (CAPEC-130) of computing resources and a denial of service (DoS) of the Kibana process via a crafted HTTP request.
No detection rules found.
No public exploits indexed.
Published: 2025-12-18