CVE-2025-68422
published 2025-12-18


Priority: P4 (25), medium
CVSS 3.1 base score: 4.3
Vector: AV:N / AC:L / PR:L / UI:N / S:U / C:L / I:N / A:N
EPSS: 0.20% (9.6th percentile)
Improper Authorization (CWE-285) in Kibana can lead to privilege escalation (CAPEC-233) by allowing an authenticated user to bypass intended permission restrictions via a crafted HTTP request. This allows an attacker who lacks the "live queries - read" permission to successfully retrieve the list of live queries.

Affected

7 ranges

Vendor    Product   Version range          Fixed in
elastic   kibana    (not stated)           -
elastic   kibana    7.0.0 – 7.17.29        -
elastic   kibana    >= 8.0.0 < 8.19.7      8.19.7
elastic   kibana    8.0.0 – 8.19.6         -
elastic   kibana    >= 9.0.0 < 9.1.7       9.1.7
elastic   kibana    9.0.0 – 9.1.6          -
elastic   kibana    >= 9.2.0 < 9.2.0       9.2.0

CVSS provenance

Source          Version   Score   Severity   Vector
nvd             v3.1      4.3     MEDIUM     CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
vendor_redhat   -         4.3     MEDIUM     -