Unrated severityNVD Advisory· Published May 1, 2025· Updated May 6, 2025

Kibana Unrestricted Upload of File

CVE-2025-25016

Description

Unrestricted file upload in Kibana allows an authenticated attacker to compromise software integrity by uploading a crafted malicious file due to insufficient server-side validation.

Affected products

osv-coords2 versions
pkg:bitnami/elk pkg:bitnami/kibana
>= 7.17.0, < 7.17.18+ 1 more
- (no CPE)range: >= 7.17.0, < 7.17.18
- (no CPE)range: >= 7.17.0, < 7.17.18
Elastic/Kibanav5
Range: 7.17.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

discuss.elastic.co/t/kibana-7-17-19-and-8-13-0-security-update-esa-2024-47/377711mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000