The flaw, tracked as CVE-2025-37728, affects multiple versions of Kibana and could allow a malicious user to access cached CrowdStrike credentials from other users within the same environment.
The vulnerability underscores the security risks associated with interconnected platforms and the importance of timely updates.
The security flaw, identified as “Insufficiently Protected Credentials in the Crowdstrike connector,” has a CVSSv3.1 score of 5.4, rating it as a medium-severity issue.
According to Elastic’s security advisory, a malicious user with access to one space in a Kibana instance can create and run a new CrowdStrike connector.
This action allows them to access cached credentials from an existing CrowdStrike connector operating in a different space.
The vulnerability essentially permits unauthorized cross-workspace access to sensitive API credentials used for communication between Kibana and the CrowdStrike Management Console.
Successful exploitation could lead to the leakage of credentials, potentially allowing an attacker to interact with the CrowdStrike platform with the privileges of the compromised account.
The vulnerability impacts a wide range of Kibana versions across multiple release lines. This includes all versions of 7.x up to 7.17.29, versions 8.14.0 through 8.18.7, versions 8.19.0 through 8.19.4, versions 9.0.0 through 9.0.7, and versions 9.1.0 through 9.1.4.
Any Kibana instance that utilizes the CrowdStrike connector within these version ranges is considered vulnerable. Elastic has addressed the issue in versions 8.18.8, 8.19.5, 9.0.8, and 9.1.5. The company strongly advises users to upgrade to one of these patched releases to resolve the security gap.
Notably, Elastic has stated that there are no workarounds available for users who cannot immediately upgrade, making patching the only viable solution.
The Kibana CrowdStrike connector is designed to facilitate the seamless integration of data between the CrowdStrike Falcon platform and Elastic, enabling automated incident correlation and telemetry onboarding.
The credentials leaked by this vulnerability are used to authenticate with the CrowdStrike REST API, making their protection critical for maintaining security posture across both platforms.
The advisory (ESA-2025-19) was part of a larger security update from Elastic that addressed several other vulnerabilities in Kibana and Elasticsearch.
Given that no alternative mitigation exists, administrators of affected Kibana deployments are urged to prioritize the update to prevent potential credential theft and subsequent misuse.
Elastic emphasizes the importance of timely updates and configuration reviews to reduce exposure to such threats.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post Kibana Crowdstrike Connector Vulnerability Exposes Protected Credentials appeared first on Cyber Security News.
In September, Donald Trump claimed that "the United States is getting a tremendous fee" for…
ABILENE, Texas (KTAB/KRBC) - Two men in Abilene, a father and son, were arrested Friday…
According to Reuters, Meta is looking to offset spending on AI and data centers with…
Hulu has decided to scrap Buffy the Vampire Slayer: New Sunnydale, its planned continuation series…
Jostling a folded piece of paper, holding it marooned in the air, selectman Beth Blair…
Boscawen voters cruised through a speedy town meeting Friday night, one with so little controversy…
This website uses cookies.