National Cyber Warfare Foundation (NCWF)

Elastic Kibana Prototype Contamination Leads to Arbitrary Code Execution Vulnerability (CVE-2025-25014)


0 user ratings
2025-05-09 14:10:18
milo
Blue Team (CND)

Overview Recently, NSFOCUS CERT detected that Elastic issued a security bulletin to fix the arbitrary code execution vulnerability caused by Elastic Kibana prototype contamination (CVE-2025-25014); Due to the prototype contamination problem in Kibana, an attacker with specific role privileges can bypass the authentication mechanism by constructing specially crafted file uploads and specific HTTP requests to […]


The post Elastic Kibana Prototype Contamination Leads to Arbitrary Code Execution Vulnerability (CVE-2025-25014) appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks..


The post Elastic Kibana Prototype Contamination Leads to Arbitrary Code Execution Vulnerability (CVE-2025-25014) appeared first on Security Boulevard.



NSFOCUS

Source: Security Boulevard
Source Link: https://securityboulevard.com/2025/05/elastic-kibana-prototype-contamination-leads-to-arbitrary-code-execution-vulnerability-cve-2025-25014/?utm_source=rss&utm_medium=rss&utm_campaign=elastic-kibana-prototype-contamination-leads-to-arbitrary-code-execution-vulnerability-cve-2025-25014


Comments
new comment
Nobody has commented yet. Will you be the first?
 
Forum
Blue Team (CND)



Copyright 2012 through 2025 - National Cyber Warfare Foundation - All rights reserved worldwide.