CVE-2025-25016

Unrestricted file upload in Kibana allows an authenticated attacker to compromise software integrity by uploading a crafted malicious file due to insufficient server-side validation.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://discuss.elastic.co/t/kibana-7-17-19-and-8-13-0-security-update-esa-2024-47/377711	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:elastic:kibana::::::::
	cpe:2.3:a:elastic:kibana::::::::

History

02 Oct 2025, 16:34

Type	Values Removed	Values Added
Summary		(es) La carga de archivos sin restricciones en Kibana permite que un atacante autenticado comprometa la integridad del software al cargar un archivo malicioso manipulado debido a una validación insuficiente del lado del servidor.
References	~~() https://discuss.elastic.co/t/kibana-7-17-19-and-8-13-0-security-update-esa-2024-47/377711 -~~	() https://discuss.elastic.co/t/kibana-7-17-19-and-8-13-0-security-update-esa-2024-47/377711 - Patch, Vendor Advisory
CPE		cpe:2.3:a:elastic:kibana::::::::
First Time		Elastic kibana Elastic

01 May 2025, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-01 14:15

Updated : 2025-10-02 16:34

NVD link : CVE-2025-25016

Mitre link : CVE-2025-25016

CVE.ORG link : CVE-2025-25016

JSON object : View

Products Affected

elastic

kibana

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

4.3 /10