Unrated severityNVD Advisory· Published Aug 28, 2025· Updated Feb 26, 2026
Kibana privilege escalation via reporting_user role
CVE-2025-25010
Description
Incorrect authorization in Kibana can lead to privilege escalation via the built-in reporting_user role which incorrectly has the ability to access all Kibana Spaces.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- osv-coords2 versions
>= 9.0.0, < 9.0.6+ 1 more
- (no CPE)range: >= 9.0.0, < 9.0.6
- (no CPE)range: >= 9.0.0, < 9.0.6
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.