The primary vulnerability stems from inadequate origin validation in Kibana's Observability AI Assistant component.
It is tracked as CVE-2025-37734 under Elastic Security Advisory ESA-2025-24 and is classified as an origin validation error (CWE-346).
The Origin HTTP header is set by the client, so an attacker can forge it freely; the affected code does not check the header against the set of origins it expects, which defeats the control that was meant to reject requests from untrusted sources.
By exploiting this weakness, an attacker can cause Kibana itself to send requests to unintended destinations or to perform unintended actions, which is the server-side request forgery (SSRF) described below.
| Field | Details |
|---|---|
| CVE ID | CVE-2025-37734 |
| Advisory | ESA-2025-24 |
| Vulnerability Type | Origin Validation Error (CWE-346) leading to SSRF |
| CVSS v3.1 Score | 4.3 (Medium) |
| Attack Vector | Network |
| Affected Versions | 8.12.0 through 8.19.6, 9.1.0 through 9.1.6, 9.2.0 |
| Patched Versions | 8.19.7, 9.1.7, 9.2.1 |
An SSRF of this kind lets an attacker reach internal network resources or services that should remain isolated from external access, which can lead to information disclosure, lateral movement within the network, or further exploitation of backend systems.
Elastic's advisory states that the flaw only affects deployments actively using the Observability AI Assistant feature, on Kibana 8.12.0 through 8.19.6, 9.1.0 through 9.1.6, and 9.2.0. Organizations that do not have this component enabled are not affected.
The issue carries a medium severity rating (CVSS v3.1 score of 4.3). While that may seem moderate, the potential for unauthorized internal network access and data manipulation means the impact should not be underestimated, particularly where the Kibana host can reach services that trust traffic from inside the network.
Elastic has released patched versions addressing this vulnerability. Organizations should upgrade promptly to Kibana 8.19.7, 9.1.7, or 9.2.1, depending on their release line.
Elastic Cloud Serverless customers are already protected: its continuous deployment and patching model remediated this vulnerability before public disclosure.
Organizations unable to upgrade immediately should consider disabling the Observability AI Assistant feature until the patch can be applied.
Additionally, network segmentation and egress filtering on the Kibana host (allowing outbound connections only to the Elasticsearch cluster and known connector endpoints) limit what a forged server-side request can reach, and so reduce the impact of SSRF exploitation.
The post Multiple Kibana Vulnerabilities Enables SSRF and XSS Attacks appeared first on Cyber Security News.