{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-25017", "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "state": "PUBLISHED", "assignerShortName": "elastic", "dateReserved": "2025-01-31T15:28:16.918Z", "datePublished": "2025-10-10T09:53:25.634Z", "dateUpdated": "2025-10-10T16:43:55.939Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Kibana", "repo": "https://github.com/kibana", "vendor": "Elastic", "versions": [{"lessThanOrEqual": "7.17.29", "status": "affected", "version": "7.0.0", "versionType": "semver"}, {"lessThanOrEqual": "8.18.7", "status": "affected", "version": "8.0.0", "versionType": "semver"}, {"lessThanOrEqual": "8.19.3", "status": "affected", "version": "8.19.0", "versionType": "semver"}, {"lessThanOrEqual": "9.0.6", "status": "affected", "version": "9.0.0", "versionType": "semver"}, {"lessThanOrEqual": "9.1.3", "status": "affected", "version": "9.1.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p><span style=\"background-color: rgb(255, 255, 255);\">Improper Neutralization of Input During Web Page Generation</span> in Kibana can lead to Cross-Site Scripting (XSS)</p><br><br>"}], "value": "Improper Neutralization of Input During Web Page Generation in Kibana can lead to Cross-Site Scripting (XSS)"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "shortName": "elastic", "dateUpdated": "2025-10-10T09:53:25.634Z"}, "references": [{"url": "https://discuss.elastic.co/t/kibana-8-18-8-8-19-4-9-0-7-9-1-4-security-update-esa-2025-16/382450"}], "source": {"discovery": "UNKNOWN"}, "title": "Kibana Stored Cross-Site Scripting (XSS)", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-10T16:43:44.510281Z", "id": "CVE-2025-25017", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-10T16:43:55.939Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-25017", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-10T16:43:44.510281Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-10T16:43:49.647Z"}}], "cna": {"title": "Kibana Stored Cross-Site Scripting (XSS)", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/kibana", "vendor": "Elastic", "product": "Kibana", "versions": [{"status": "affected", "version": "7.0.0", "versionType": "semver", "lessThanOrEqual": "7.17.29"}, {"status": "affected", "version": "8.0.0", "versionType": "semver", "lessThanOrEqual": "8.18.7"}, {"status": "affected", "version": "8.19.0", "versionType": "semver", "lessThanOrEqual": "8.19.3"}, {"status": "affected", "version": "9.0.0", "versionType": "semver", "lessThanOrEqual": "9.0.6"}, {"status": "affected", "version": "9.1.0", "versionType": "semver", "lessThanOrEqual": "9.1.3"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://discuss.elastic.co/t/kibana-8-18-8-8-19-4-9-0-7-9-1-4-security-update-esa-2025-16/382450"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation in Kibana can lead to Cross-Site Scripting (XSS)", "supportingMedia": [{"type": "text/html", "value": "<p><span style=\"background-color: rgb(255, 255, 255);\">Improper Neutralization of Input During Web Page Generation</span> in Kibana can lead to Cross-Site Scripting (XSS)</p><br><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "shortName": "elastic", "dateUpdated": "2025-10-10T09:53:25.634Z"}}}, "cveMetadata": {"cveId": "CVE-2025-25017", "state": "PUBLISHED", "dateUpdated": "2025-10-10T16:43:55.939Z", "dateReserved": "2025-01-31T15:28:16.918Z", "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "datePublished": "2025-10-10T09:53:25.634Z", "assignerShortName": "elastic"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC3153A3-2F19-4238-9365-62F1CEB5BB09", "versionEndExcluding": "8.18.8", "versionStartIncluding": "7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*", "matchCriteriaId": "72E852B6-81A1-40E8-BD2C-70A6272EA31F", "versionEndExcluding": "8.19.4", "versionStartIncluding": "8.19.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*", "matchCriteriaId": "64BD24C3-4FAB-4446-87C0-5A75A882506F", "versionEndExcluding": "9.0.7", "versionStartIncluding": "9.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*", "matchCriteriaId": "77B25D2C-3471-4B57-B0A9-0896E7779887", "versionEndExcluding": "9.1.4", "versionStartIncluding": "9.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation in Kibana can lead to Cross-Site Scripting (XSS)"}], "id": "CVE-2025-25017", "lastModified": "2025-10-30T14:29:18.997", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.7, "source": "bressers@elastic.co", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-10-10T10:15:32.900", "references": [{"source": "bressers@elastic.co", "tags": ["Vendor Advisory"], "url": "https://discuss.elastic.co/t/kibana-8-18-8-8-19-4-9-0-7-9-1-4-security-update-esa-2025-16/382450"}], "sourceIdentifier": "bressers@elastic.co", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "bressers@elastic.co", "type": "Secondary"}]}

{"bugzilla": {"description": "Kibana: Kibana Stored Cross-Site Scripting (XSS)", "id": "2403040", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403040"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.2", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N", "status": "draft"}, "cwe": "CWE-79", "details": ["Improper Neutralization of Input During Web Page Generation in Kibana can lead to Cross-Site Scripting (XSS)", "A Cross-Site Scripting (XSS) vulnerability in Kibana\u2019s Vega visualization engine. It results from improper input validation in Vega visualization specifications, allowing attackers to inject malicious JavaScript. Successful exploitation could lead to session hijacking, data theft, or privilege escalation within Kibana dashboards."], "mitigation": {"lang": "en:us", "value": "Mitigation is either unavailable or does not meet Red Hat Product Security standards for usability, deployment, applicability, or stability."}, "name": "CVE-2025-25017", "package_state": [{"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Affected", "package_name": "kibana", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3", "fix_state": "Affected", "package_name": "rhosdt/tempo-jaeger-query-rhel8", "product_name": "Red Hat OpenShift distributed tracing 3"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Affected", "package_name": "puppet-kibana3", "product_name": "Red Hat OpenStack Platform 16.2"}], "public_date": "2025-10-10T09:53:25Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-25017\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-25017\nhttps://discuss.elastic.co/t/kibana-8-18-8-8-19-4-9-0-7-9-1-4-security-update-esa-2025-16/382450"], "statement": "This vulnerability is rated Important rather than Moderate because it allows unauthenticated remote exploitation through user interaction, enabling attackers to execute arbitrary JavaScript within the Kibana interface and compromise the confidentiality and integrity of dashboard data. Unlike moderate XSS issues confined to low-impact contexts, this flaw occurs in the Vega visualization engine, which operates within privileged browser sessions connected to sensitive Elastic data. The cross-context nature (S:C) and high integrity impact (I:H) in the CVSS vector indicate that an attacker can potentially elevate privileges, steal session tokens, or alter visualization outputs, posing a significant risk to operational security and data trust within the Kibana environment.", "threat_severity": "Important"}

{"created": "2025-10-20T16:25:29.696365+00:00", "updated": "2025-10-20T16:25:29.696387+00:00", "vendors": ["elastic", "elastic$PRODUCT$kibana"]}