CVE-2025-25012 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2025-25012

CVE-2025-25012

June 25, 2025

URL redirection to an untrusted site ('Open Redirect') in Kibana can lead to sending a user to an arbitrary site and server-side request forgery via a specially crafted URL.

Affected Packages

https://github.com/elastic/kibana.git (GITHUB):

Affected version(s) >=v8.18.0 <https://github.com/elastic/kibana/commit/465e87889f7f1e83281f05413b13d5013d01fded

Fix Suggestion:

Update to version https://github.com/elastic/kibana/commit/465e87889f7f1e83281f05413b13d5013d01fded

https://github.com/elastic/kibana.git (GITHUB):

Affected version(s) >=v9.0.0 <v9.0.3

Fix Suggestion:

Update to version v9.0.3

https://github.com/elastic/kibana.git (GITHUB):

Affected version(s) >=v8.0.0 <v8.17.8

Fix Suggestion:

Update to version v8.17.8

https://github.com/elastic/kibana.git (GITHUB):

Affected version(s) >=v5.0.0 <v7.17.29

Fix Suggestion:

Update to version v7.17.29

Related Resources (1)

https://discuss.elastic.co/t/kibana-7-17-29-8-17-8-8-18-3-9-0-3-security-update-esa-2025-10/379444

Do you need more information?

CVSS v4

Base Score:

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

LOW

User Interaction

NONE

Vulnerable System Confidentiality

NONE

Vulnerable System Integrity

LOW

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Weakness Type (CWE)

URL Redirection to Untrusted Site ('Open Redirect')

CWE-601

EPSS

Base Score:

0.07

Products

Solutions

Resources

Company

Compare

Developer Tools