CVE-2025-25017

HIGH8.2JSON export Create alert

Description

Improper Neutralization of Input During Web Page Generation in Kibana can lead to Cross-Site Scripting (XSS)

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

High

Availability

None

Affected products

Elastic / Kibana7.0.0 – 7.17.29
Elastic / Kibana8.0.0 – 8.18.7
Elastic / Kibana8.19.0 – 8.19.3
Elastic / Kibana9.0.0 – 9.0.6
Elastic / Kibana9.1.0 – 9.1.3

References

MISChttps://discuss.elastic.co/t/kibana-8-18-8-8-19-4-9-0-7-9-1-4-security-update-esa-2025-16/382450