{"data":{"id":"2cef7e03-bdf3-4420-bfea-47d8729e74f2","title":"CVE-2025-25014: A Prototype pollution vulnerability in Kibana leads to arbitrary code execution via crafted HTTP requests to machine learning and reporting endpoints","summary":"CVE-2025-25014 is a prototype pollution vulnerability (a type of bug where an attacker modifies the basic template that objects are built from) in Kibana that allows attackers to execute arbitrary code (run commands they shouldn't be able to run) by sending specially crafted HTTP requests (malicious web requests) to machine learning and reporting endpoints. The vulnerability affects multiple versions of Kibana and was identified by Elastic.","solution":"Upgrade Kibana to version 8.17.6, 8.18.1, or 9.0.1, which contain Elastic's security update for this issue, as referenced in the Elastic vendor advisory ESA-2025-07 at https://discuss.elastic.co/t/kibana-8-17-6-8-18-1-or-9-0-1-security-update-esa-2025-07/377868.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-25014","publishedAt":"2025-05-06T18:15:37.857Z","cveId":"CVE-2025-25014","cweIds":["CWE-1321"],"cvssScore":"9.1","cvssSeverity":"critical","severity":"critical","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Elastic","Kibana"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.02535,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}