Kibana: Prototype Pollution via HTTP Requests to ML and Reporting Endpoints - Proactive Insights and Support For Open-Source Applications

In Kibana versions 8.3.0 to 8.17.5, 8.18.0 and 9.0.0 a critical severity vulnerability CVE-2025-25014 was detected. This vulnerability allows attackers to achieve arbitrary code execution through prototype pollution by sending crafted HTTP requests to machine learning and reporting endpoints. To address this issue, users should upgrade Kibana to versions 8.17.6, 8.18.1 or 9.0.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-25014.