CVE-2025-25017: 
Kibana vulnerability analysis and mitigation

CVE-2025-25017 is a high-severity Cross-Site Scripting (XSS) vulnerability affecting Kibana's Vega visualization engine. The vulnerability was discovered and disclosed in October 2025, impacting multiple versions of Kibana including versions 7.x (up to 7.17.29), 8.x (up to 8.18.7), 8.19.x (up to 8.19.3), 9.0.x (up to 9.0.6), and 9.1.x (up to 9.1.3). The flaw stems from improper neutralization of input during web page generation in Vega visualizations (Elastic Discussion).

The vulnerability is characterized by improper neutralization of input during web page generation in Vega visualizations within Kibana. It has been assigned a CVSS v3.1 score of 8.2 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N. The vulnerability affects all Kibana configurations that have Vega visualizations enabled (Elastic Discussion).

The vulnerability allows attackers to inject malicious JavaScript into Vega visualization specifications, which could lead to cross-site scripting attacks. When successfully exploited, it could enable data theft, session hijacking, or privilege escalation within Kibana dashboards (Security Online).

Elastic has released patches in versions 8.18.8, 8.19.4, 9.0.7, and 9.1.4 to address this vulnerability. For users unable to upgrade immediately, a workaround is available by disabling Vega visualizations. This can be done by setting vistypevega.enabled: false in the kibana.yml file for on-premise installations. Elastic Cloud users can contact support to have Vega visualizations disabled in their deployments (Elastic Discussion).