{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-25018", "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "state": "PUBLISHED", "assignerShortName": "elastic", "dateReserved": "2025-01-31T15:28:16.918Z", "datePublished": "2025-10-10T09:50:35.448Z", "dateUpdated": "2025-10-14T03:55:14.473Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Kibana", "repo": "https://github.com/kibana", "vendor": "Elastic", "versions": [{"lessThanOrEqual": "7.17.29", "status": "affected", "version": "7.0.0", "versionType": "semver"}, {"lessThanOrEqual": "8.18.7", "status": "affected", "version": "8.0.0", "versionType": "semver"}, {"lessThanOrEqual": "8.19.4", "status": "affected", "version": "8.19.0", "versionType": "semver"}, {"lessThanOrEqual": "9.0.7", "status": "affected", "version": "9.0.0", "versionType": "semver"}, {"lessThanOrEqual": "9.1.4", "status": "affected", "version": "9.1.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p><span style=\"background-color: rgb(255, 255, 255);\">Improper Neutralization of Input During Web Page Generation</span> in Kibana can lead to stored Cross-Site Scripting (XSS)</p><br><br>"}], "value": "Improper Neutralization of Input During Web Page Generation in Kibana can lead to stored Cross-Site Scripting (XSS)"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "shortName": "elastic", "dateUpdated": "2025-10-10T09:51:21.105Z"}, "references": [{"url": "https://https://discuss.elastic.co/t/kibana-8-18-8-8-19-5-9-0-8-9-1-5-security-update-esa-2025-17/382451"}], "source": {"discovery": "UNKNOWN"}, "title": "Kibana Stored Cross-Site Scripting (XSS)", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-09T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2025-25018"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-14T03:55:14.473Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-25018", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-10-10T16:47:05.987833Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-10T16:47:36.666Z"}}], "cna": {"title": "Kibana Stored Cross-Site Scripting (XSS)", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/kibana", "vendor": "Elastic", "product": "Kibana", "versions": [{"status": "affected", "version": "7.0.0", "versionType": "semver", "lessThanOrEqual": "7.17.29"}, {"status": "affected", "version": "8.0.0", "versionType": "semver", "lessThanOrEqual": "8.18.7"}, {"status": "affected", "version": "8.19.0", "versionType": "semver", "lessThanOrEqual": "8.19.4"}, {"status": "affected", "version": "9.0.0", "versionType": "semver", "lessThanOrEqual": "9.0.7"}, {"status": "affected", "version": "9.1.0", "versionType": "semver", "lessThanOrEqual": "9.1.4"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://https://discuss.elastic.co/t/kibana-8-18-8-8-19-5-9-0-8-9-1-5-security-update-esa-2025-17/382451"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation in Kibana can lead to stored Cross-Site Scripting (XSS)", "supportingMedia": [{"type": "text/html", "value": "<p><span style=\"background-color: rgb(255, 255, 255);\">Improper Neutralization of Input During Web Page Generation</span> in Kibana can lead to stored Cross-Site Scripting (XSS)</p><br><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "shortName": "elastic", "dateUpdated": "2025-10-10T09:51:21.105Z"}}}, "cveMetadata": {"cveId": "CVE-2025-25018", "state": "PUBLISHED", "dateUpdated": "2025-10-14T03:55:14.473Z", "dateReserved": "2025-01-31T15:28:16.918Z", "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "datePublished": "2025-10-10T09:50:35.448Z", "assignerShortName": "elastic"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation in Kibana can lead to stored Cross-Site Scripting (XSS)"}], "id": "CVE-2025-25018", "lastModified": "2025-10-14T19:37:28.107", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 5.8, "source": "bressers@elastic.co", "type": "Secondary"}]}, "published": "2025-10-10T10:15:33.743", "references": [{"source": "bressers@elastic.co", "url": "https://https://discuss.elastic.co/t/kibana-8-18-8-8-19-5-9-0-8-9-1-5-security-update-esa-2025-17/382451"}], "sourceIdentifier": "bressers@elastic.co", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "bressers@elastic.co", "type": "Secondary"}]}

{"bugzilla": {"description": "Kibana: Kibana Stored Cross-Site Scripting (XSS)", "id": "2403039", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403039"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.7", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "status": "draft"}, "cwe": "CWE-79", "details": ["Improper Neutralization of Input During Web Page Generation in Kibana can lead to stored Cross-Site Scripting (XSS)"], "mitigation": {"lang": "en:us", "value": "Mitigation is either unavailable or does not meet Red Hat Product Security standards for usability, deployment, applicability, or stability."}, "name": "CVE-2025-25018", "package_state": [{"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Affected", "package_name": "openshift-logging/cluster-logging-rhel9-operator", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Affected", "package_name": "openshift-logging/elasticsearch-rhel9-operator", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Affected", "package_name": "openshift-logging/kibana6-rhel8", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Affected", "package_name": "kibana", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3", "fix_state": "Affected", "package_name": "rhosdt/tempo-jaeger-query-rhel8", "product_name": "Red Hat OpenShift distributed tracing 3"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Affected", "package_name": "puppet-kibana3", "product_name": "Red Hat OpenStack Platform 16.2"}], "public_date": "2025-10-10T09:50:35Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-25018\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-25018"], "statement": "This vulnerability is considered Important rather than Moderate because it enables persistent client-side code execution within a shared analytics environment. Unlike reflected or transient XSS flaws, the injected payload in CVE-2025-25018 is stored on the Kibana server and automatically executed whenever affected dashboards or visualizations are viewed by other authenticated users. This persistence increases both impact and reach, allowing lateral compromise across user sessions and potential exfiltration of sensitive data from Elasticsearch queries or credentials stored in the browser.", "threat_severity": "Important"}