CVE-2025-25015
Kibana vulnerability analysis and mitigation

Overview

A critical vulnerability in Kibana (CVE-2025-25015) was disclosed on March 5, 2025. It is a prototype pollution flaw in Kibana versions 8.15.0 through 8.17.2 that leads to arbitrary code execution via a crafted file upload combined with specifically crafted HTTP requests. The issue is fixed in 8.17.3 and carries a Critical CVSS score of 9.9 (Elastic Advisory, Hacker News).

Technical details

The vulnerability is classified as prototype pollution (CWE-1321), a class of bug in which attacker-controlled keys such as __proto__ in parsed input are written into shared object prototypes, so every object in the process inherits the injected properties; here the polluted properties are reachable by code that results in arbitrary code execution in the Kibana process. Exploitation combines a crafted file upload with specifically crafted HTTP requests, and the privileges required differ by version: in 8.15.0 through 8.17.0 it is exploitable by a user holding only the Viewer role, while in 8.17.1 and 8.17.2 it requires privileges including fleet-all, integrations-all and actions:execute-advanced-connectors. The CVSS v3.1 score is 9.9 (Critical) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H: network-reachable, low attack complexity, low privileges, no user interaction, and a scope change because code runs as the Kibana process rather than inside the attacker's own session (Security Online, Elastic Advisory).
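
The generic pattern behind a CWE-1321 bug, shown as an added example rather than Kibana's own code (the page does not describe Kibana's actual vulnerable code path, so the payload shape, the merge function and the sink below are assumptions): a recursive merge that follows an attacker-supplied "__proto__" key, an options lookup that then sees the injected value from an unrelated object, and a hardened merge that rejects prototype-reaching keys and builds null-prototype containers.

```javascript
'use strict';
// Added illustration, not Kibana's code: the generic CWE-1321 pattern, a sink
// that turns a polluted key into a code-execution primitive, and a hardened
// merge. Kibana's actual vulnerable code path is not described on this page,
// so the payload shape and the merge/sink functions here are assumptions.

// Constructed attacker input, the shape a crafted upload or JSON request body
// would take. JSON.parse creates an OWN property literally named "__proto__".
const ATTACKER_JSON =
  '{"settings":{"theme":"dark"},"__proto__":{"shell":"/tmp/attacker-shell"}}';

// VULNERABLE: recursive merge that follows attacker-chosen keys. For the key
// "__proto__", target[key] resolves to Object.prototype, so the recursion
// writes into the prototype shared by every plain object in the process.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
      if (target[key] === null || typeof target[key] !== 'object') target[key] = {};
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// A typical sink: an options object read with fall-back-to-default semantics.
// Node's child_process reads options.shell the same way, which is how a
// polluted "shell" reaches spawn()/exec() even though no caller ever set it.
function resolveShell(opts) {
  return opts.shell !== undefined ? opts.shell : '/bin/sh';
}

// HARDENING, part 1: reject any document that names a prototype-reaching key
// anywhere in its tree, before the data touches application state.
const PROTOTYPE_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function rejectPrototypeKeys(obj, path = '$') {
  if (obj === null || typeof obj !== 'object') return;
  for (const key of Object.keys(obj)) {
    if (PROTOTYPE_KEYS.has(key)) {
      throw new Error(`prototype key "${key}" at ${path} rejected`);
    }
    rejectPrototypeKeys(obj[key], `${path}.${key}`);
  }
}

// HARDENING, part 2: the same merge, but validated first and creating nested
// containers with a null prototype so the walk can never land on
// Object.prototype even if a key slips past validation.
function safeMerge(target, source) {
  rejectPrototypeKeys(source);
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
      if (!Object.prototype.hasOwnProperty.call(target, key) ||
          target[key] === null || typeof target[key] !== 'object') {
        target[key] = Object.create(null);
      }
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Run one merge against the crafted document and report what an unrelated
// object, created afterwards, now sees. Cleans Object.prototype up afterwards
// so the rest of the process is not left polluted.
function demonstrate(mergeFn) {
  const payload = JSON.parse(ATTACKER_JSON);
  let accepted = true;
  try {
    mergeFn({}, payload);
  } catch (err) {
    accepted = false;
  }
  const shellSeen = resolveShell({});
  const polluted = Object.prototype.hasOwnProperty.call(Object.prototype, 'shell');
  delete Object.prototype.shell;
  return { accepted, shellSeen, polluted };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log('unsafeMerge:', demonstrate(unsafeMerge));
  // -> { accepted: true, shellSeen: '/tmp/attacker-shell', polluted: true }
  console.log('safeMerge:  ', demonstrate(safeMerge));
  // -> { accepted: false, shellSeen: '/bin/sh', polluted: false }
}
```

The point of the demonstration is the second object: `resolveShell({})` is called on a fresh object that never had "shell" set, yet after the unsafe merge it returns the attacker's value, because the lookup falls through to the polluted prototype. Rejecting the document outright (as safeMerge does) is preferable to silently dropping the key, since it leaves an auditable error rather than a half-applied document; `Object.freeze(Object.prototype)` at process start is a further defence-in-depth layer where the application can tolerate it.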

Impact

Kibana instances running on Elastic Cloud are affected, but code execution there is contained within the Kibana Docker container, and container escape is prevented by seccomp-bpf and AppArmor profiles. Containment does not lessen what an attacker can do as the Kibana process itself, so the issue should still be treated as critical on Elastic Cloud. The advisory notes that self-managed Kibana instances on Basic or Platinum licenses are not affected (Elastic Advisory).

Mitigation and workarounds

Elastic has fixed the issue in Kibana 8.17.3, and upgrading is the primary mitigation. If you cannot upgrade immediately, disable the Integration Assistant feature by setting 'xpack.integration_assistant.enabled: false' in the Kibana configuration file (kibana.yml) and restarting Kibana (Elastic Advisory, Hacker News).
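
A small triage helper, added here as an example and not a tool Elastic provides, that classifies a Kibana version against the affected ranges stated above and checks whether the workaround line is present in kibana.yml. The version parsing and the line-based kibana.yml scan are assumptions of this example (a flat top-level key written exactly as the advisory gives it); the sample kibana.yml excerpt is constructed.

```javascript
'use strict';
// Added triage helper, not an Elastic tool: classify a Kibana version against
// the ranges stated in the advisory text and check whether the documented
// workaround is present in kibana.yml. The version parsing and the line-based
// kibana.yml scan are assumptions of this example (a flat top-level key, as
// the advisory writes it), not anything Elastic ships.

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function inRange(v, lo, hi) {
  return compareVersions(v, parseVersion(lo)) >= 0 &&
         compareVersions(v, parseVersion(hi)) <= 0;
}

// 'viewer'     : 8.15.0-8.17.0, exploitable with only the Viewer role
// 'privileged' : 8.17.1-8.17.2, needs fleet-all, integrations-all and
//                actions:execute-advanced-connectors
// 'patched'    : 8.17.3 or later
// 'not-listed' : older than 8.15.0, outside the advisory's affected range
function exposureFor(version) {
  const v = parseVersion(version);
  if (inRange(v, '8.15.0', '8.17.0')) return 'viewer';
  if (inRange(v, '8.17.1', '8.17.2')) return 'privileged';
  return compareVersions(v, parseVersion('8.17.3')) >= 0 ? 'patched' : 'not-listed';
}

// Naive scan for the workaround line. Matches only an explicit `false`; a
// commented-out line or any other value counts as not applied.
function workaroundApplied(kibanaYml) {
  const re = /^\s*xpack\.integration_assistant\.enabled\s*:\s*false\s*(#.*)?$/;
  return String(kibanaYml).split(/\r?\n/).some((line) => re.test(line));
}

function assess(version, kibanaYml) {
  const exposure = exposureFor(version);
  const workaround = workaroundApplied(kibanaYml);
  let action = 'no action required by this advisory';
  if (exposure === 'viewer' || exposure === 'privileged') {
    action = workaround
      ? 'workaround in place; still upgrade to 8.17.3'
      : 'upgrade to 8.17.3 now, or set xpack.integration_assistant.enabled: false and restart Kibana';
  }
  return { version, exposure, workaround, action };
}

// Constructed kibana.yml excerpt with the workaround applied.
const SAMPLE_KIBANA_YML = [
  'server.host: "0.0.0.0"',
  'elasticsearch.hosts: ["http://localhost:9200"]',
  'xpack.integration_assistant.enabled: false   # CVE-2025-25015 workaround',
].join('\n');

if (typeof require !== 'undefined' && require.main === module) {
  for (const v of ['8.14.3', '8.16.2', '8.17.1', '8.17.3']) {
    console.log(assess(v, SAMPLE_KIBANA_YML));
  }
}
```

Feed it the version string from Kibana's status endpoint or package metadata and the contents of the instance's kibana.yml; the result separates the two privilege tiers so that a deployment on 8.15.0 through 8.17.0, where any Viewer can exploit the bug, is prioritised over one on 8.17.1 or 8.17.2.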

This report was generated using AI.
