CVE-2025-25012
Severity: MEDIUM (CVSS 5.4)
WAF: Medium
Published: 2025-06-25
CWE-601
URL redirection to an untrusted site ('Open Redirect') in Kibana can lead to sending a user to an arbitrary site and server-side request forgery via a specially crafted URL.
WAF Coverage Analysis
Open Redirect
Medium WAF Coverage
OWASP: A01:2021 Broken Access Control
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| elastic | kibana | 7.0.0 - 7.17.29 |
| elastic | kibana | 8.0.0 - 8.17.8 |
| elastic | kibana | 8.18.0 - 8.18.3 |
| elastic | kibana | 9.0.0 - 9.0.3 |
References
- discuss.elastic.co (Issue Tracking, Patch, Vendor Advisory)