CVE-2025-25014 – Kibana arbitrary code execution via prototype pollution

https://notcve.org/view.php?id=CVE-2025-25014

06 May 2025 — A Prototype pollution vulnerability in Kibana leads to arbitrary code execution via crafted HTTP requests to machine learning and reporting endpoints. • https://github.com/Sratet/CVE-2025-25014 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •