Severe Kibana flaw allowed attackers to run arbitrary code
A newly disclosed security vulnerability in Elastic’s Kibana platform has put thousands of businesses at risk, with attackers able to execute arbitrary code on vulnerable systems.
The flaw, identified as CVE-2025-25014, carries a critical CVSS score of 9.1, underscoring the urgency for organizations to update their deployments immediately.
Elastic, the company behind Kibana, announced [ESA-2025-07] a critical prototype pollution vulnerability that allows an attacker to execute arbitrary code remotely.
Read more at GBHackers