CNNVD-202512-2614 Information

CNNVD ID

CNNVD-202512-2614

Related CVE

CVE-2025-37732

• CNNVD Published: 2025-12-15

Description (Chinese)

Elastic Kibana是Elastic公司的一个可用数据可视化仪表板软件。 Elastic Kibana存在安全漏洞，该漏洞源于网页生成期间输入中和不当，可能导致经过身份验证的用户通过集成包上传功能在用户浏览器中渲染HTML标签。

Description (English)

Elastic Kibana is a usable data visualization dashboard software for Elastic. Elastic Kibana has a security loophole, which stems from inappropriate input during web page generation, which may lead to an authentication user replicating HTML tags in the user browser through an integrated package upload.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Elastic

Published

2025-12-15

Last Modified

2026-02-24

References

https://discuss.elastic.co/t/kibana-8-19-8-9-1-8-and-9-2-2-security-update-esa-2025-28/384064 https://access.redhat.com/security/cve/cve-2025-37732

Patch

https://discuss.elastic.co/t/kibana-8-19-8-9-1-8-and-9-2-2-security-update-esa-2025-28/384064