Warning: Critical Prototype Pollution in Elastic Kibana that can lead to RCE, Patch Immediately!

Published: 08/05/2025
  • Last update: 08/05/2025
  • Affected software:
    → Elastic Kibana versions 8.3.0 - 8.17.5, 8.18.0, and 9.0.0.
  • Type: CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
  • CVE/CVSS
    → CVE-2025-25014: CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)

Sources

https://discuss.elastic.co/t/kibana-8-17-6-8-18-1-or-9-0-1-security-update-esa-2025-07/377868

Risks

Kibana is a data visualization and exploration tool used for log and time-series analytics, application monitoring, and operational intelligence, built on top of Elasticsearch. Elasticsearch is a powerful search and analytics engine, and Kibana provides a user-friendly interface to interact with and visualize the data stored in it.

On 6 May 2025, Elastic announced that a critical vulnerability, CVE-2025-25014, had been found in Kibana versions 8.3.0 - 8.17.5, 8.18.0, and 9.0.0.

CVE-2025-25014 is a prototype pollution vulnerability that can allow an attacker to execute arbitrary code through crafted HTTP requests sent to the machine learning and reporting endpoints.

Exploiting CVE-2025-25014 could have a high impact on all three aspects of the CIA triad (Confidentiality, Integrity, Availability).
As of 7 May 2025, there are no publicly reported incidents of this vulnerability being exploited in the wild and there is no available proof-of-concept (PoC) online.

Description

A remote, authenticated attacker with high privileges can exploit this vulnerability, without any user interaction, to execute arbitrary code. This can allow the attacker to compromise the entire Kibana instance.

This occurs because the modification of object prototype attributes is improperly controlled (CWE-1321): attacker-supplied input can reach and alter shared prototype objects, and the attacker can take advantage of that.

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing. The CCB recommends upgrading to version 8.17.6, 8.18.1, or 9.0.1, or later.

Monitor/Detect
The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.

While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-25014