Elastic has released security updates to address a cross-site scripting (XSS) vulnerability affecting multiple versions of Kibana.
The vulnerability, tracked as CVE-2025-68385, allows an authenticated attacker to inject script into content that Kibana later serves to other users, where it runs in their browsers.
Vulnerability Details
The flaw stems from improper neutralization of input during web page generation, specifically within Kibana's Vega visualization component.
It is a bypass of the existing protections that were meant to stop script injection through Vega visualizations.
Once a malicious script is embedded in a visualization, it executes in the browser of every user who views that visualization, exposing whatever data and session material that user's Kibana session can reach.
The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation, or cross-site scripting) and affects the Vega visualization implementation.
Although exploitation requires an authenticated account, the impact is significant because the injected content is stored: a single malicious visualization affects every user of the same Kibana instance who opens it.
The vulnerability affects a wide range of Kibana versions, including all versions of the 7.x branch.
In the 8.x series, versions from 8.0.0 through 8.19.8 are vulnerable. The 9.x branch has two affected ranges: 9.0.0 through 9.1.8 and 9.2.0 through 9.2.2.
Elastic assigned the vulnerability a CVSS v3.1 base score of 7.2 (High).
The score reflects a network attack vector and low attack complexity: the attacker needs only an authenticated account, and the victim needs only to open a page that renders the malicious visualization.
A successful attack compromises the confidentiality and integrity of data within the affected Kibana instance, on behalf of each user whose browser runs the injected script.
Elastic has released patched versions to address this issue. Organizations should upgrade to Kibana 8.19.9, 9.1.9, or 9.2.3 without delay; no fixed 7.x release is listed, so 7.x deployments need to move to a fixed 8.x or 9.x line.
These versions properly neutralize malicious input in Vega visualizations and restore the XSS protections the flaw bypassed.
Security teams should prioritize patching Kibana deployments as soon as possible. Until then, they should review their Kibana instances for suspicious Vega visualizations or other content created by authenticated users, since anything already stored will keep executing for viewers after the upgrade only if it is left in place.
Network segmentation and limiting Kibana access to trusted users provide additional protection while upgrades are being prepared.
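As an added triage helper (my own example code, not Elastic's and not from the advisory), the script below does the two checks above: it classifies a Kibana version string against the affected ranges listed in this article, and it scans visualization saved objects for Vega specs that contain markup commonly associated with script injection. It assumes saved objects in the shape returned by Kibana's `GET /api/saved_objects/_find?type=visualization` endpoint (an `attributes.visState` JSON string whose `type` is `vega` and whose `params.spec` holds the spec text); the sample objects are constructed for the example, and the string patterns are a generic heuristic, not the actual trigger of CVE-2025-68385, which the article does not describe.

```python
import json
import re

# Inclusive (major, minor, patch) ranges the article lists as affected.
AFFECTED_RANGES = [
    ((7, 0, 0), (7, 99, 99)),   # every 7.x release
    ((8, 0, 0), (8, 19, 8)),
    ((9, 0, 0), (9, 1, 8)),
    ((9, 2, 0), (9, 2, 2)),
]

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Turn '8.19.8' or '9.2.2-SNAPSHOT' into a (major, minor, patch) tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Kibana version: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version):
    """True if the version falls inside one of the affected ranges."""
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


def recommended_fix(version):
    """Fixed release on the same line per the article, or None if not affected."""
    major, minor, _ = parse_version(version)
    if not is_affected(version):
        return None
    if major == 9:
        return "9.2.3" if minor >= 2 else "9.1.9"
    # Assumption: no fixed 7.x release is listed, so 7.x is pointed at the
    # lowest fixed 8.x release as the nearest upgrade target.
    return "8.19.9"


# Generic markup heuristics for a spec that should be plain Vega JSON/HJSON.
# These are NOT the CVE's actual trigger; they just flag content worth a look.
SUSPICIOUS = {
    "script_tag": re.compile(r"<\s*script", re.I),
    "javascript_url": re.compile(r"javascript\s*:", re.I),
    "event_handler": re.compile(r"\bon[a-z]+\s*=", re.I),
    "iframe_or_srcdoc": re.compile(r"<\s*iframe|srcdoc\s*=", re.I),
}


def vega_spec_of(saved_object):
    """Return the Vega spec text of a visualization saved object, or None if it is not Vega."""
    attrs = saved_object.get("attributes", {})
    try:
        vis_state = json.loads(attrs.get("visState", "{}"))
    except json.JSONDecodeError:
        return None
    if vis_state.get("type") != "vega":
        return None
    spec = vis_state.get("params", {}).get("spec", "")
    return spec if isinstance(spec, str) else json.dumps(spec)


def scan_saved_objects(saved_objects):
    """Return (id, title, [matched heuristics]) for every Vega visualization that trips a heuristic."""
    findings = []
    for obj in saved_objects:
        spec = vega_spec_of(obj)
        if spec is None:
            continue
        hits = [name for name, rx in SUSPICIOUS.items() if rx.search(spec)]
        if hits:
            findings.append((obj.get("id"), obj["attributes"].get("title"), hits))
    return findings


# Constructed sample objects in the _find response shape (not real data).
SAMPLE_SAVED_OBJECTS = [
    {"id": "vis-benign", "type": "visualization", "attributes": {
        "title": "Requests per minute",
        "visState": json.dumps({"type": "vega", "params": {"spec": json.dumps({
            "$schema": "https://vega.github.io/schema/vega-lite/v5.json",
            "data": {"name": "hits"}, "mark": "bar"})}})}},
    {"id": "vis-suspect", "type": "visualization", "attributes": {
        "title": "Quarterly summary",
        "visState": json.dumps({"type": "vega", "params": {
            "spec": '{"title": "<img src=x onerror=alert(1)>", "mark": "text"}'}})}},
    {"id": "vis-other", "type": "visualization", "attributes": {
        "title": "Top hosts",
        "visState": json.dumps({"type": "histogram", "params": {}})}},
]

if __name__ == "__main__":
    for v in ("7.17.0", "8.19.8", "9.0.5", "9.2.2", "9.2.3"):
        print(v, "affected" if is_affected(v) else "not affected", recommended_fix(v))
    for vis_id, title, hits in scan_saved_objects(SAMPLE_SAVED_OBJECTS):
        print(f"REVIEW {vis_id} ({title}): {', '.join(hits)}")
```

In a real review, feed `scan_saved_objects` the `saved_objects` array from the `_find` endpoint (page through it with `per_page` and `page`) for every space, and treat a hit as a prompt to open the visualization and read the spec, not as proof of compromise: Vega specs are JSON, so `=` and `<` rarely appear in a legitimate one, but a chart title quoting raw HTML is still possible.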
