=====================================================================
CERT-Renater Information Note No. 2025/VULN137
_____________________________________________________________________
DATE : 14/03/2025
HARDWARE PLATFORM(S): /
OPERATING SYSTEM(S): Systems running Kibana versions prior to 8.17.3.
=====================================================================
https://discuss.elastic.co/t/kibana-8-17-3-security-update-esa-2025-06/375441
_____________________________________________________________________

Kibana 8.17.3 Security Update (ESA-2025-06)
Posted by ikakavas (Ioannis Kakavas), March 5, 2025, 9:41am

Kibana arbitrary code execution via prototype pollution (ESA-2025-06)

Prototype pollution in Kibana leads to arbitrary code execution via a crafted file upload and specifically crafted HTTP requests.

In Kibana versions >= 8.15.0 and < 8.17.1, this is exploitable by users with the Viewer role. In Kibana versions 8.17.1 and 8.17.2, this is only exploitable by users that have roles that contain all of the following privileges: fleet-all, integrations-all, actions:execute-advanced-connectors.

This issue does not affect self-managed Kibana instances on Basic or Platinum licences. This issue affects Kibana instances running on Elastic Cloud, but the code execution is limited to the Kibana Docker container. Further exploitation such as container escape is prevented by seccomp-bpf and AppArmor profiles.

Affected Versions:
Kibana versions >= 8.15.0 and < 8.17.3

Solutions and Mitigations:
Users should upgrade to Kibana version 8.17.3.
For users that cannot upgrade: set xpack.integration_assistant.enabled: false in Kibana's configuration.

Severity:
CVSSv3.1: 9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVE ID: CVE-2025-25015

Updates
2025-03-07: Added details about applicability.
2025-03-06: Corrected the CVE ID. Previous versions of this page incorrectly referenced CVE-2025-25012.

=========================================================
+ CERT-RENATER       | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel   | fax : 01-53-94-20-41            +
+ 75013 Paris        | email: cert@support.renater.fr  +
=========================================================
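The advisory names the bug class, prototype pollution, without showing what the pattern looks like in code. The following is an added example, not Kibana's or Elastic's code and unrelated to the specific Kibana code path: a naive recursive merge of untrusted JSON (the pattern behind most prototype-pollution bugs in Node.js services) beside a hardened merge that only walks own properties and rejects `__proto__`, `constructor` and `prototype` keys. The payload, the function names and the `isAdmin` property are constructed for the demonstration; nothing here reflects how the Kibana issue is triggered.

```javascript
// Added example (not Kibana's code): why merging untrusted JSON into an object
// can rewrite Object.prototype, and how a defensive merge prevents it.

// VULNERABLE: treats every key of the untrusted object as a plain data key,
// including "__proto__", so target["__proto__"] resolves to Object.prototype
// and the recursion writes attacker-chosen properties onto it.
function naiveMerge(target, source) {
  for (const key in source) {
    const value = source[key];
    if (value !== null && typeof value === 'object') {
      if (target[key] === undefined || typeof target[key] !== 'object') target[key] = {};
      naiveMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// HARDENED: own enumerable keys only, prototype-affecting keys rejected
// (rejecting rather than silently skipping lets the caller log the request),
// and descent only into nested objects the target itself owns.
const UNSAFE_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (UNSAFE_KEYS.has(key)) {
      throw new Error(`refusing to merge prototype-affecting key "${key}"`);
    }
    const value = source[key];
    if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
      const ownNested = Object.prototype.hasOwnProperty.call(target, key)
        && target[key] !== null && typeof target[key] === 'object';
      if (!ownNested) target[key] = {};
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed request body: JSON.parse creates an OWN property named "__proto__",
// which is exactly what a merge routine must not follow.
const PAYLOAD = JSON.parse('{"settings":{"theme":"dark"},"__proto__":{"isAdmin":true}}');

// Runs the vulnerable merge, observes the effect on an unrelated fresh object,
// then removes the polluted property so the rest of the process is left sane.
function runNaive() {
  const before = ({}).isAdmin;        // undefined
  naiveMerge({}, PAYLOAD);
  const after = ({}).isAdmin;         // true: every object now inherits isAdmin
  delete Object.prototype.isAdmin;
  return { before, after };
}

// Runs the hardened merge on the same payload and reports whether it was
// rejected and whether Object.prototype was touched.
function runSafe() {
  try {
    safeMerge({}, PAYLOAD);
    return { rejected: false, polluted: ({}).isAdmin === true };
  } catch (e) {
    return { rejected: true, polluted: ({}).isAdmin === true, reason: e.message };
  }
}

console.log('naive:', runNaive());   // { before: undefined, after: true }
console.log('safe: ', runSafe());    // { rejected: true, polluted: false, reason: ... }
```

The second function is the shape of the check a reviewer looks for in any deep-merge, deep-set or object-path utility that touches request bodies or uploaded files; a rejected key is also a useful detection signal when it is logged with the request identity.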
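To turn the advisory's version ranges, licence exemption and configuration mitigation into a repeatable check, here is an added example (not Elastic's or CERT-Renater's tooling). It assumes `xpack.integration_assistant.enabled` is written as a flat top-level dotted key in kibana.yml, as in the advisory's mitigation line (the nested YAML spelling is not parsed); the sample kibana.yml and the `assessKibana` / `readSetting` function names are constructed for the example.

```javascript
// Added example: classify a Kibana deployment against ESA-2025-06 /
// CVE-2025-25015 using only the facts stated in the advisory.

// "8.17.2" -> [8, 17, 2]; suffixes such as "-SNAPSHOT" are ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version "${v}"`);
  return m.slice(1, 4).map(Number);
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// lo <= v < hi, matching the advisory's ">= X and < Y" phrasing.
function inRange(v, lo, hi) {
  return cmp(v, lo) >= 0 && cmp(v, hi) < 0;
}

// Minimal reader for flat "key: value" lines in kibana.yml (assumption: the
// setting uses the dotted top-level form; '#' starts a comment).
function readSetting(yamlText, key) {
  for (const raw of yamlText.split('\n')) {
    const line = raw.replace(/#.*$/, '').trim();
    if (!line) continue;
    const idx = line.indexOf(':');
    if (idx < 0) continue;
    if (line.slice(0, idx).trim() === key) return line.slice(idx + 1).trim();
  }
  return undefined;
}

// deployment: { selfManaged: bool, license: 'basic' | 'platinum' | ... }
function assessKibana(version, yamlText, deployment = {}) {
  const v = parseVersion(version);
  const mitigated = readSetting(yamlText, 'xpack.integration_assistant.enabled') === 'false';
  const base = { version, mitigated };

  // Affected Versions: >= 8.15.0 and < 8.17.3
  if (!inRange(v, [8, 15, 0], [8, 17, 3])) {
    return { ...base, affected: false, reason: 'version outside 8.15.0 <= v < 8.17.3' };
  }
  // Self-managed instances on Basic or Platinum licences are not affected.
  const lic = String(deployment.license || '').toLowerCase();
  if (deployment.selfManaged && (lic === 'basic' || lic === 'platinum')) {
    return { ...base, affected: false, reason: 'self-managed on Basic or Platinum licence' };
  }
  // Who can reach the bug differs below and from 8.17.1.
  const exposure = cmp(v, [8, 17, 1]) < 0
    ? 'any user with the Viewer role'
    : 'users holding fleet-all, integrations-all and actions:execute-advanced-connectors';
  const action = mitigated
    ? 'mitigation in place; still upgrade to 8.17.3'
    : 'upgrade to 8.17.3, or set xpack.integration_assistant.enabled: false';
  return { ...base, affected: true, exposure, action };
}

// Constructed sample kibana.yml, not taken from a real deployment.
const SAMPLE_KIBANA_YML = `
server.port: 5601
xpack.integration_assistant.enabled: false  # mitigation from ESA-2025-06
`;

console.log(assessKibana('8.16.2', ''));
console.log(assessKibana('8.17.2', SAMPLE_KIBANA_YML));
console.log(assessKibana('8.17.3', ''));
```

Feed it the version from the Kibana status API or the package manifest and the deployed kibana.yml; the `exposure` field is what decides whether a Viewer-level account review or a review of Fleet-privileged roles is the immediate priority while the upgrade is scheduled.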