CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 1CVE-2025-25014 – Kibana arbitrary code execution via prototype pollution
https://notcve.org/view.php?id=CVE-2025-25014
06 May 2025 — A Prototype pollution vulnerability in Kibana leads to arbitrary code execution via crafted HTTP requests to machine learning and reporting endpoints. • https://github.com/Sratet/CVE-2025-25014 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12556 – Kibana Prototype Pollution can lead to code injection
https://notcve.org/view.php?id=CVE-2024-12556
08 Apr 2025 — Prototype Pollution in Kibana can lead to code injection via unrestricted file upload combined with path traversal. • https://discuss.elastic.co/t/kibana-8-16-4-and-8-17-2-security-update-esa-2025-02/376918 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 9.9EPSS: 0%CPEs: 2EXPL: 0CVE-2025-25015 – Kibana arbitrary code execution via prototype pollution
https://notcve.org/view.php?id=CVE-2025-25015
05 Mar 2025 — Prototype pollution in Kibana leads to arbitrary code execution via a crafted file upload and specifically crafted HTTP requests. In Kibana versions >= 8.15.0 and < 8.17.1, this is exploitable by users with the Viewer role. In Kibana versions 8.17.1 and 8.17.2 , this is only exploitable by users that have roles that contain all the following privileges: fleet-all, integrations-all, actions:execute-advanced-connectors La contaminación de prototipos en Kibana conduce a la ejecución de código arbitrario a trav... • https://discuss.elastic.co/t/kibana-8-17-3-security-update-esa-2025-06/375441 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •