Kibana 8.12.x < 8.19.7 / 9.1.x < 9.1.7 / 9.2.x < 9.2.1 (ESA-2025-24)

The version of Kibana installed on the remote host is prior to 8.19.7, 9.1.7, or 9.2.1. It is, therefore, affected by a vulnerability as referenced in the ESA-2025-24 advisory. - Origin Validation Error in Kibana can lead to Server-Side Request Forgery via a forged Origin HTTP header processed by...

CVE-2025-37734

Origin Validation Error in Kibana can lead to Server-Side Request Forgery via a forged Origin HTTP header processed by the Observability AI Assistant...

CVE-2025-37734

Origin Validation Error in Kibana can lead to Server-Side Request Forgery via a forged Origin HTTP header processed by the Observability AI Assistant...

Origin Validation Error

Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Origin Validation Error via improper validation of the Origin HTTP header in the Observability AI Assistant. An attacker can make...

CVE-2025-37734

CVE-2025-37734 describes an Origin Validation Error in Kibana that can enable Server-Side Request Forgery when a forged Origin header is processed by the Observability AI Assistant. Publicly cited details indicate affected Kibana versions include 8.12.x prior to 8.19.7, 9.1.x prior to 9.1.7, and ...

EUVD-2025-124976

Origin Validation Error in Kibana can lead to Server-Side Request Forgery via a forged Origin HTTP header processed by the Observability AI Assistant...

CVE-2025-37734 Kibana Origin Validation Error

Origin Validation Error in Kibana can lead to Server-Side Request Forgery via a forged Origin HTTP header processed by the Observability AI Assistant...