Summary
Elastic NV releases security updates to address a vulnerability with severity “critical” in Kibana, a popular data visualization platform. This vulnerability, if exploited, could allow an attacker to execute arbitrary code on affected systems by submitting files or requests appropriately crafted.
Risk
Estimate of impact of the vulnerability on the reference community: High (66.53)
Type
- Arbitrary Code Execution
Affected products and versions
Kibana 8.x, versions from 8.15.0 and before 8.17.3
Mitigation actions
In line with the vendor statements, it is recommended to update the vulnerable products following the indications of the security bulletin reported in the References section.
References
https://discuss.elastic.co/t/kibana-8-17-3-security-update-esa-2025-06/375441/1
1This estimate is made taking into account several parameters, including: CVSS, availability of patches/workarounds and PoC, diffusion of the affected software/devices in the reference community.
