CVE-2025-25009

MEDIUM5.4EPSS 0.02%

Kibana Cross-Site Scripting (XSS)

發布日:2025/10/9修改日:2025/11/6

描述

Improper Neutralization of Input During Web Page Generation in Kibana can lead to Stored XSS via case file upload.

受影響套件(2)

  • Bitnami/elkfrom 0, < 8.18.8, >= 8.19.0, < 8.19.5, >= 9.0.0, < 9.0.8, >= 9.1.0, < 9.1.5
  • Bitnami/kibanafrom 0, < 8.18.8, >= 8.19.0, < 8.19.5, >= 9.0.0, < 9.0.8, >= 9.1.0, < 9.1.5

CVSS 分數

來源版本嚴重程度向量
osvCVSS 3.1MEDIUM5.4CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

參考連結(2)