Elastic has released urgent security updates to address a critical vulnerability in Kibana, identified as CVE-2025-25012. This vulnerability could allow attackers to execute arbitrary code on affected servers, posing significant risks to system security.

Affected Systems

The following Kibana versions are affected:

• Kibana versions 8.15.0 to 8.17.0:  Exploitable by users with the Viewer role.

• Kibana versions 8.17.1 and 8.17.2: Requires users with fleet-all, integrations-all, and actions: execute-advanced-connectors privileges.

Security Risks

The identified vulnerabilities in Kibana could lead to remote code execution, unauthorized data access, privilege escalation, and potential denial-of-service attacks, posing significant threats to system integrity and confidentiality.

Recommended Actions

To mitigate these risks, The National Cyber Security Authority (NCSA) recommends users and system administrators to:

• Upgrade to the latest supported version of Kibana as soon as possible to ensure continued access to technical support and security patches.
  
  The recommended software versions to upgrade to is:

• Kibana Version 8.17.3 or later.  

• Before performing any updates, ensure that a complete backup of your data is taken to prevent data loss during the upgrade process.

• After upgrading, monitor your systems for any unusual activity and ensure all security configurations are up to date.

For further information and support, please contact the National Cyber Security Authority (NCSA) by emailto rwcsirt@ncsa.gov.rw or call us on 9009

References

• Kibana 8.17.3 Security Update (ESA-2025-06)

• Elastic patches critical Kibana flaw allowing code execution

• Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution