Summary
A medium-severity open redirect in Kibana, CVE-2025-25012, lets an authenticated user create Short URLs on the trusted Kibana host that send other users to attacker-chosen sites, enabling phishing or server-side request forgery (SSRF). Affected releases are Kibana 7.0.0 through 7.17.28, 8.0.0 through 8.17.7, 8.18.0 through 8.18.2, and 9.0.0 through 9.0.2. The fix is to upgrade to a patched release; as a temporary measure, validate redirect destinations so that only trusted origins are allowed and restrict who can generate Short URLs.
Urgent Actions Required
- Update Kibana to the patched release for the branch you run, as confirmed in the Elastic advisory: 7.17.29, 8.17.8, 8.18.3, or 9.0.3.
- If immediate upgrading is not possible, enforce strict URL validation so that redirects only resolve to trusted domains, and restrict access to the features that generate Short URLs (see the mitigation section below).
Which Systems Are Vulnerable to CVE-2025-25012?
Technical Overview
- Vulnerability Type: URL redirection to an untrusted site (open redirect, CWE-601), which can also lead to server-side request forgery (SSRF)
- Affected Software/Versions:
  - Kibana 7.0.0 through 7.17.28
  - Kibana 8.0.0 through 8.17.7
  - Kibana 8.18.0 through 8.18.2
  - Kibana 9.0.0 through 9.0.2
- Attack Vector: Network (a crafted Short URL delivered to the victim)
- CVSS v3.1 Base Score: 5.4 (Medium)
- CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: Low
  - User Interaction: Required
  - Scope: Changed
  - Confidentiality Impact: Low
  - Integrity Impact: Low
  - Availability Impact: None
- Patch Availability: Yes, available
How Does the CVE-2025-25012 Exploit Work?
An authenticated user with low privileges creates a Short URL in Discover, Dashboard, or the Visualization Library whose destination Kibana does not properly validate. Because the link itself is served from the trusted Kibana host, a victim who follows it is redirected to the attacker-chosen destination (phishing), and the same weak check is what allows SSRF. This is why the CVSS vector records low privileges, required user interaction, and a changed scope: the impact lands on the victim's browser or on a system other than the vulnerable Kibana component.
What Causes CVE-2025-25012?
Vulnerability Root Cause:
Kibana does not properly validate the destination of Short URLs generated in Discover, Dashboard, and the Visualization Library. Because a destination is accepted without checking that it resolves to a trusted origin, an attacker can mint a Short URL on the trusted Kibana host that sends users to a harmful site, and the same missing check can be used to trigger SSRF.
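The check that the root cause above describes as missing, and that the Urgent Actions section recommends as an interim measure, written out as an added example in TypeScript (Kibana's implementation language). This is not Kibana's own code: the origin, the fallback path, the in-memory store and all function names are assumptions made for illustration.

```typescript
// Added example, not Kibana's own code: validate a Short URL destination
// against the Kibana origin before storing it and again before redirecting.
// KIBANA_ORIGIN and FALLBACK_PATH are assumed deployment values.

const KIBANA_ORIGIN = "https://kibana.example.com"; // assumed: the origin users sign in to
const FALLBACK_PATH = "/app/home";                   // assumed: safe landing page for bad links

// Parse with the WHATWG URL parser (the one browsers use), relative to the
// Kibana origin, so plain app paths such as "/app/discover" are accepted.
function tryParse(target: string, base: string): URL | null {
  try {
    return new URL(target, base);
  } catch {
    return null;
  }
}

// Returns the normalised absolute URL when `target` stays on the Kibana
// origin, otherwise null. Checks, in order:
//  1. no control characters: the parser silently strips tab/newline, so a
//     naive prefix test for "//" misses "/\t/evil"; rejecting controls
//     outright keeps every checker in the chain in agreement;
//  2. scheme is http(s): rejects "javascript:", "data:" and "blob:" (a
//     blob: URL reports its inner origin, so an origin check alone passes it);
//  3. origin matches exactly: rejects "//evil" (scheme-relative), "/\evil"
//     (backslash is a slash for http(s)), "https://kibana.example.com@evil"
//     (userinfo) and "https://kibana.example.com.evil" (suffix lookalike).
function validateRedirectTarget(target: string, origin: string = KIBANA_ORIGIN): string | null {
  if (/[\u0000-\u001F\u007F]/.test(target)) return null;
  const parsed = tryParse(target, origin);
  if (parsed === null) return null;
  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") return null;
  if (parsed.origin !== new URL(origin).origin) return null;
  return parsed.toString();
}

// Minimal in-memory Short URL store (assumed) to show where the check belongs.
const shortUrls = new Map<string, string>();

// Vulnerable pattern: the destination is stored exactly as supplied.
function createShortUrlUnchecked(slug: string, destination: string): void {
  shortUrls.set(slug, destination);
}

// Hardened pattern: refuse to mint a link whose destination fails validation.
function createShortUrl(slug: string, destination: string): boolean {
  const safe = validateRedirectTarget(destination);
  if (safe === null) return false;
  shortUrls.set(slug, safe);
  return true;
}

// Resolution re-validates, so records written by the unchecked path (or
// before a fix was deployed) still cannot redirect off-origin.
function resolveShortUrl(slug: string): string {
  const stored = shortUrls.get(slug);
  const safe = stored === undefined ? null : validateRedirectTarget(stored);
  return safe ?? new URL(FALLBACK_PATH, KIBANA_ORIGIN).toString();
}
```

Two design points matter here: parse with the same WHATWG parser browsers use instead of testing string prefixes, because the parser's treatment of backslashes, userinfo and stripped whitespace is what an attacker targets; and validate again at resolution time, so that links minted before the check existed, or by a code path that skipped it, fall back to a safe page rather than being replayed.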
How Can You Mitigate CVE-2025-25012?
If immediate patching is delayed or not possible:
- Administrators of self-hosted environments on a Basic license should restrict access to the Kibana feature privileges that allow generating Short URLs:
  - Dashboard → All
  - Discover → All
Which Assets and Systems Are at Risk?
Asset Types Affected:
- Kibana installations in which Short URLs are generated from:
  - Discover
  - Dashboard
  - Visualization Library
Remediation & Response
Remediation Timeline:
- Immediate: if upgrading is not yet possible, apply configuration restrictions. For self-hosted Basic license installations, restrict access to the feature privileges that allow generating Short URLs:
  - Dashboard → All
  - Discover → All
- As soon as feasible: upgrade Kibana to a fixed version (7.17.29, 8.17.8, 8.18.3, or 9.0.3).
Where Can I Find More Information on CVE-2025-25012?
CVSS Breakdown Table
| Metric | Value | Description |
|---|---|---|
| Base Score | 5.4 | Medium-severity issue |
| Attack Vector | Network | The vulnerability can be exploited remotely over a network |
| Attack Complexity | Low | The attack does not require special conditions or advanced setup |
| Privileges Required | Low | The attacker needs low-level permissions to trigger the vulnerability |
| User Interaction | Required | Successful exploitation depends on user involvement |
| Scope | Changed | Exploitation may impact components beyond the initially affected one |
| Confidentiality Impact | Low | Limited exposure of information is possible |
| Integrity Impact | Low | Only minor unauthorized data changes are possible |
| Availability Impact | None | The vulnerability does not affect system availability |