CVE-2025-25016

🗓️ 01 May 2025 13:09:16Reported by elasticType

Unrestricted file upload in Kibana allows attack via crafted malicious file due to poor validation.

Reporter	Title	Published	Views	Family All 11
CNNVD	Elastic Kibana 安全漏洞	1 May 202500:00	–	cnnvd
Cvelist	CVE-2025-25016 Kibana Unrestricted Upload of File	1 May 202513:09	–	cvelist
Elastic	Kibana 7.17.19 and 8.13.0 Security Update (ESA-2024-47)	1 May 202510:15	–	elastic
EUVD	EUVD-2025-13046	3 Oct 202520:07	–	euvd
Tenable Nessus	Kibana 7.17.x < 7.17.19 / 8.0.x < 8.13.0 File Upload (ESA-2024-47)	9 May 202500:00	–	nessus
NVD	CVE-2025-25016	1 May 202514:15	–	nvd
OSV	BIT-ELK-2025-25016 Kibana Unrestricted Upload of File	3 May 202505:39	–	osv
OSV	BIT-KIBANA-2025-25016 Kibana Unrestricted Upload of File	3 May 202505:46	–	osv
Positive Technologies	PT-2025-18418 · Elastic · Kibana	1 May 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-25016	3 May 202513:11	–	redhatcve

NVD

Node

elastic kibanaRange7.17.0–7.17.19

elastic kibanaRange8.0.0–8.13.0

[
  {
    "defaultStatus": "unaffected",
    "product": "Kibana",
    "repo": "https://github.com/elastic/kibana",
    "vendor": "Elastic",
    "versions": [
      {
        "lessThan": "7.17.18",
        "status": "affected",
        "version": "7.17.0",
        "versionType": "semver"
      },
      {
        "lessThan": "8.13.0",
        "status": "affected",
        "version": "8.0.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
discuss	www.discuss.elastic.co/t/kibana-7-17-19-and-8-13-0-security-update-esa-2024-47/377711

02 Oct 2025 16:34Current

4.5Medium risk

Vulners AI Score4.5

CVSS 3.14.3

EPSS0.00189

SSVC

CWE-434