CVE-2025-37728: 
Kibana vulnerability analysis and mitigation

CVE-2025-37728 is a medium-severity vulnerability affecting the CrowdStrike connector in Kibana. The vulnerability was discovered and disclosed on October 6, 2025, impacting multiple versions of Kibana including 7.x (up to 7.17.29), 8.x (8.14.0 to 8.18.7), 8.19.x (8.19.0 to 8.19.4), 9.0.x (9.0.0 to 9.0.7), and 9.1.x (9.1.0 to 9.1.4). The flaw involves insufficiently protected credentials in the CrowdStrike connector that can lead to credential leakage (Elastic Discussion).

The vulnerability has been assigned a CVSSv3.1 score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. The technical issue stems from improper protection of cached credentials within the Kibana CrowdStrike connector. The vulnerability specifically affects instances where the CrowdStrike connector is in use, allowing malicious users to access cached credentials across different spaces within the same Kibana deployment (SecurityOnline, GBHackers).

The vulnerability enables unauthorized access to CrowdStrike API credentials, potentially allowing attackers to interact with the CrowdStrike platform using compromised account privileges. A malicious user with access to one space in Kibana can create and run a new CrowdStrike connector to access cached credentials from existing connectors in different spaces, leading to potential credential theft and unauthorized access to CrowdStrike's functionality (CyberSecurityNews).

Elastic has addressed this vulnerability in versions 8.18.8, 8.19.5, 9.0.8, and 9.1.5. There are no alternative workarounds available for users who cannot immediately upgrade, making patching the only viable solution. Organizations are strongly advised to upgrade to one of these patched releases to resolve the security issue (SecurityOnline).