{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-11T12:55:50.083","vulnerabilities":[{"cve":{"id":"CVE-2025-25016","sourceIdentifier":"security@elastic.co","published":"2025-05-01T14:15:36.930","lastModified":"2025-10-02T16:34:04.080","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Unrestricted file upload in Kibana allows an authenticated attacker to compromise software integrity by uploading a crafted malicious file due to insufficient server-side validation."},{"lang":"es","value":"La carga de archivos sin restricciones en Kibana permite que un atacante autenticado comprometa la integridad del software al cargar un archivo malicioso manipulado debido a una validación insuficiente del lado del servidor."}],"metrics":{"cvssMetricV31":[{"source":"security@elastic.co","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@elastic.co","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*","versionStartIncluding":"7.17.0","versionEndExcluding":"7.17.19","matchCriteriaId":"0DC57515-89D2-4FFA-A59B-4EFF3C30A2A5"},{"vulnerable":true,"criteria":"cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.13.0","matchCriteriaId":"C0A0BAA8-2287-4FD4-B015-0977E29F79BB"}]}]}],"references":[{"url":"https://discuss.elastic.co/t/kibana-7-17-19-and-8-13-0-security-update-esa-2024-47/377711","source":"security@elastic.co","tags":["Patch","Vendor Advisory"]}]}}]}