CVE-2025-37728: 
Kibana vulnerability analysis and mitigation

CVE-2025-37728 is a security vulnerability affecting the Crowdstrike connector in Kibana, discovered and disclosed on October 6, 2025. The vulnerability stems from insufficiently protected credentials in the Crowdstrike connector, affecting multiple versions of Kibana including 7.x (prior to 7.17.29), 8.x (8.14.0 to 8.18.7), 8.19.x (8.19.0 to 8.19.4), 9.0.x (9.0.0 to 9.0.7), and 9.1.x (9.1.0 to 9.1.4) (Elastic Discussion).

The vulnerability is characterized by insufficient protection of credentials in the Crowdstrike connector, which allows unauthorized access to cached credentials. The severity is rated as Medium with a CVSS v3.1 base score of 5.4 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). The vulnerability is classified under CWE-522 (Insufficiently Protected Credentials) (Elastic Discussion).

A malicious user can exploit this vulnerability to access cached credentials from a Crowdstrike connector in another space by creating and running a Crowdstrike connector in a space to which they have access. This could lead to unauthorized access to Crowdstrike credentials (Elastic Discussion).

The vulnerability has been patched in Kibana versions 8.18.8, 8.19.5, 9.0.8, and 9.1.5. For users who cannot upgrade, there are no available workarounds (Elastic Discussion).