Medium severity4.3NVD Advisory· Published Jun 25, 2025· Updated Jun 17, 2026
CVE-2025-25012
CVE-2025-25012
Description
URL redirection to an untrusted site ('Open Redirect') in Kibana can lead to sending a user to an arbitrary site and server-side request forgery via a specially crafted URL.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7- osv-coords5 versionspkg:apk/chainguard/kibana-8.17-bitnamipkg:apk/chainguard/kibana-8.18-bitnamipkg:apk/chainguard/kibana-8.19-bitnamipkg:bitnami/elkpkg:bitnami/kibana
< 8.17.10-r11+ 4 more
- (no CPE)range: < 8.17.10-r11
- (no CPE)range: < 8.18.8-r10
- (no CPE)range: < 8.19.11-r0
- (no CPE)range: >= 7.0.0, < 7.17.29
- (no CPE)range: >= 7.0.0, < 7.17.29
Patches
Vulnerability mechanics
References
1- discuss.elastic.co/t/kibana-7-17-29-8-17-8-8-18-3-9-0-3-security-update-esa-2025-10/379444nvdIssue TrackingPatchVendor Advisory
News mentions
0No linked articles in our index yet.