CVE-2025-25015

CRITICAL

Kibana 8.15.0-8.16.5 and 8.17.1-8.17.2 - Authenticated Remote Code Execution via Prototype Pollution

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-25015. PoCs published by manus-use.

AI-analyzed exploit summary The repository contains functional exploit code for CVE-2025-32433, targeting Erlang/OTP SSH. The PoC demonstrates a pre-authentication RCE vulnerability by sending crafted SSH packets to execute arbitrary commands on the server.

Description

Prototype pollution in Kibana leads to arbitrary code execution via a crafted file upload and specifically crafted HTTP requests. In Kibana versions >= 8.15.0 and < 8.17.1, this is exploitable by users with the Viewer role. In Kibana versions 8.17.1 and 8.17.2 , this is only exploitable by users that have roles that contain all the following privileges: fleet-all, integrations-all, actions:execute-advanced-connectors

Exploits (1)

github WORKING POC
by manus-use · postscriptpoc
https://github.com/manus-use/cve-pocs/tree/main/kibana-CVE-2025-25015

The repository contains functional exploit code for CVE-2025-32433, targeting Erlang/OTP SSH. The PoC demonstrates a pre-authentication RCE vulnerability by sending crafted SSH packets to execute arbitrary commands on the server.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Erlang/OTP SSH (OTP-22.3.4.17)
No auth needed
Prerequisites: Network access to the target SSH port (2222) · Vulnerable Erlang/OTP version
devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (1)

Core 1

Scores

CVSS v3 9.9
EPSS 0.0100
EPSS Percentile 77.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-1321
Status published
Products (1)
elastic/kibana 8.15.0 - 8.16.6
Published Mar 05, 2025
Tracked Since Feb 18, 2026