Unrated severityNVD Advisory· Published May 6, 2025· Updated Feb 26, 2026
Kibana arbitrary code execution via prototype pollution
CVE-2025-25014
Description
A Prototype pollution vulnerability in Kibana leads to arbitrary code execution via crafted HTTP requests to machine learning and reporting endpoints.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- osv-coords2 versions
>= 8.3.0, < 8.18.1+ 1 more
- (no CPE)range: >= 8.3.0, < 8.18.1
- (no CPE)range: >= 8.3.0, < 8.17.6
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.