CVE-2025-25012 needs Kibana 8.17.3

fbacchella · March 6, 2025, 1:14pm

Is there an official release about this high level CVE ?

It implies integration, that are not good friends with Search Guard any way. Does it make worse or does SG is protected ?

nils · March 7, 2025, 5:47am

You can find a new release of Search Guard for ES 8.17.3 here:

At the moment, the analysis on how Kibana with SG was affected or not is however not finished.

Topic		Replies	Views
Kibana Cross-Site Scripting (ESA-2023-05) and Kibana arbitrary code execution (ESA-2023-07) Search Guard	2	405	May 30, 2023
Search Guard 24.3 for Elasticsearch 6.7.0 released Announcements	1	689	April 16, 2019
SG support for ES 7.8.1 Announcements	4	537	August 17, 2020
Searchguard for Elasticsearch 7.17.14 Search Guard	3	313	November 16, 2023
Need a Compatible version of search guard for ELK 8.0 Search Guard	3	446	June 8, 2022