Overview Recently, NSFOCUS CERT detected that Elastic issued a security bulletin to fix the arbitrary code execution vulnerability caused by Elastic Kibana prototype contamination (CVE-2025-25014); Due to the prototype contamination problem in Kibana, an attacker with specific role privileges can bypass the authentication mechanism by constructing specially crafted file uploads and specific HTTP requests to […]
The post Elastic Kibana Prototype Contamination Leads to Arbitrary Code Execution Vulnerability (CVE-2025-25014) appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks..
The post Elastic Kibana Prototype Contamination Leads to Arbitrary Code Execution Vulnerability (CVE-2025-25014) appeared first on Security Boulevard.
NSFOCUS
Source: Security Boulevard
Source Link: https://securityboulevard.com/2025/05/elastic-kibana-prototype-contamination-leads-to-arbitrary-code-execution-vulnerability-cve-2025-25014/?utm_source=rss&utm_medium=rss&utm_campaign=elastic-kibana-prototype-contamination-leads-to-arbitrary-code-execution-vulnerability-cve-2025-25014