Overview Recently, NSFOCUS CERT detected that Elastic issued a security bulletin to fix the arbitrary code execution vulnerability caused by Elastic Kibana prototype contamination (CVE-2025-25014); Due to the prototype contamination problem in Kibana, an attacker with specific role privileges can bypass the authentication mechanism by constructing specially crafted file uploads and specific HTTP requests to…The post Elastic Kibana Prototype Contamination Leads to Arbitrary Code Execution Vulnerability (CVE-2025-25014) appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks..
First seen on securityboulevard.com
Jump to article: https://securityboulevard.com/2025/05/elastic-kibana-prototype-contamination-leads-to-arbitrary-code-execution-vulnerability-cve-2025-25014/
