Critical Kibana Flaws Enable Heap Corruption and Remote Code Execution


A critical vulnerability (CVE-2025-2135, CVSS 9.9) in Kibana—Elastic’s data visualization tool—exposes systems to heap corruption and remote code execution (RCE) via a Chromium Type Confusion flaw in its reporting engine. Attackers can exploit it by tricking users into opening a malicious HTML page. Affected versions include Kibana 7.17.28 and earlier, 8.0.0–8.17.7, 8.18.0–8.18.2, and 9.0.0–9.0.2.
