CVE-2025-68386

🗓️ 18 Dec 2025 22:21:09Reported by elasticType

Kibana improper authorization allows users to set a document to global sharing without permission.

Reporter	Title	Published	Views	Family All 20
Chainguard	CVE-2025-68386 vulnerabilities	28 Jan 202619:17	–	cgr
Circl	CVE-2025-68386	18 Dec 202523:08	–	circl
CNNVD	Elastic Kibana 安全漏洞	18 Dec 202500:00	–	cnnvd
Cvelist	CVE-2025-68386 Kibana Improper Authorization	18 Dec 202522:21	–	cvelist
Elastic	Kibana 8.19.8, 9.1.8, and 9.2.2 Security Update (ESA-2025-38)	18 Dec 202521:28	–	elastic
EUVD	EUVD-2025-204406	19 Dec 202500:31	–	euvd
NVD	CVE-2025-68386	18 Dec 202523:15	–	nvd
OSV	BIT-ELK-2025-68386 Kibana Improper Authorization	20 Dec 202511:36	–	osv
OSV	BIT-KIBANA-2025-68386 Kibana Improper Authorization	20 Dec 202511:39	–	osv
OSV	CGA-X54X-7X8H-QC23	28 Jan 202617:32	–	osv

NVD

Node

elastic kibanaRange7.0.0–7.17.29

elastic kibanaRange8.0.0–8.19.8

elastic kibanaRange9.0.0–9.1.8

elastic kibanaRange9.2.0–9.2.2

[
  {
    "defaultStatus": "unaffected",
    "product": "Kibana",
    "vendor": "Elastic",
    "versions": [
      {
        "lessThanOrEqual": "7.17.29",
        "status": "affected",
        "version": "7.0.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "8.19.7",
        "status": "affected",
        "version": "8.0.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "9.1.7",
        "status": "affected",
        "version": "9.0.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "9.2.1",
        "status": "affected",
        "version": "9.2.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
discuss	www.discuss.elastic.co/t/kibana-8-19-8-9-1-8-and-9-2-2-security-update-esa-2025-38/384186

23 Dec 2025 19:07Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.14.3

EPSS0.00026

SSVC

CWE-863