New Kibana Vulnerabilities Allow Attackers to Embed Malicious Scripts

Elastic has released critical security updates to address a dangerous cross-site scripting (XSS) vulnerability affecting multiple versions of Kibana. The vulnerability, tracked as CVE-2025-68385, allows authenticated attackers to inject malicious scripts into web pages served to other users. Vulnerability Details The flaw stems from improper input neutralization during web page generation, specifically within Kibana’s Vega […] The post New Kibana Vulnerabilities Allow Attackers to Embed Malicious Scripts appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

First seen on gbhackers.com

Jump to article: gbhackers.com/new-kibana-vulnerabilities/