Warning: arbitrary code execution in Kibana, patch immediately!

Published: 06/03/2025

Reference:
Advisory #2025-50

Version:
1.0

Affected software:
Kibana

Type:
Arbitrary Code Execution

CVE/CVSS:
CVE-2025-25015: CVSS 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)

Sources

https://discuss.elastic.co/t/kibana-8-17-3-security-update-esa-2025-06/3...

Risks

A newly discovered vulnerability in Kibana allows attackers to execute unauthorized code, potentially exposing sensitive company data and disrupting operations.
Kibana is a powerful data visualization and analytics tool used by organizations to monitor and analyze business operations, security events, and system performance.
If exploited, this could lead to data breaches, system compromise, and operational downtime, impacting the confidentiality, integrity, and availability of critical business systems.

Description

A critical security vulnerability, CVE-2025-25015, has been identified in Kibana versions 8.15.0 through 8.17.2. This flaw arises from prototype pollution, a type of vulnerability that allows attackers to manipulate JavaScript objects and properties, potentially leading to unauthorized actions such as arbitrary code execution.
In affected versions, an attacker can exploit this vulnerability by uploading a crafted file or sending specifically crafted HTTP requests, leading to arbitrary code execution. Notably, in versions 8.15.0 to 8.17.0, even users with the minimal 'Viewer' role can exploit this flaw. In versions 8.17.1 and 8.17.2, exploitation requires roles with combined privileges: fleet-all, integrations-all, and actions:execute-advanced-connectors.
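To make the vulnerability class named above concrete, the following is an added illustration (not Kibana's code and not the specific code path behind CVE-2025-25015) of how a recursive merge of untrusted JSON pollutes `Object.prototype`, beside a hardened merge that refuses the dangerous keys. The function names and the sample document are assumptions constructed for this example.

```javascript
// Added example: prototype pollution through an unsafe recursive merge,
// and the hardened variant. Hypothetical code, not from Kibana.

// Vulnerable: copies every key from untrusted input, including "__proto__".
// Reading target["__proto__"] yields Object.prototype, so the recursion
// writes attacker-chosen properties onto every object in the process.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value && typeof value === 'object' && !Array.isArray(value)) {
      if (!target[key] || typeof target[key] !== 'object') target[key] = {};
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened: reject keys that reach the prototype chain and only descend
// into the target's own properties, never inherited ones.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue; // drop (or reject the whole request)
    const value = source[key];
    if (value && typeof value === 'object' && !Array.isArray(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || typeof target[key] !== 'object') target[key] = {};
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed sample: a JSON document carrying a "__proto__" key, as a
// crafted upload or request body might. JSON.parse keeps it as an own key.
function demo() {
  const crafted = JSON.parse('{"title":"dash","__proto__":{"polluted":"yes"}}');
  const before = ({}).polluted;                 // undefined: nothing inherited yet
  unsafeMerge({}, crafted);
  const afterUnsafe = ({}).polluted;            // "yes": every new object inherits it
  delete Object.prototype.polluted;             // clean up the global side effect
  safeMerge({}, crafted);
  const afterSafe = ({}).polluted;              // undefined: hardened merge dropped the key
  return { before, afterUnsafe, afterSafe };
}
```

The same check applies to any deserializer or deep-merge helper that accepts user-controlled keys; allow-listing expected keys is stronger than the deny-list shown here.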

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

Monitor/Detect

The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

https://discuss.elastic.co/t/kibana-8-17-3-security-update-esa-2025-06/375441