Incorrect authorization in Kibana can lead to privilege escalation via the built-in reporting_user role which incorrectly has the ability to access all Kibana Spaces.
Metrics
Affected Vendors & Products
References
History
Fri, 29 Aug 2025 00:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
threat_severity
|
Thu, 28 Aug 2025 21:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Elastic
Elastic kibana |
|
Vendors & Products |
Elastic
Elastic kibana |
Thu, 28 Aug 2025 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 28 Aug 2025 16:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Incorrect authorization in Kibana can lead to privilege escalation via the built-in reporting_user role which incorrectly has the ability to access all Kibana Spaces. | |
Title | Kibana privilege escalation via reporting_user role | |
Weaknesses | CWE-863 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: elastic
Published:
Updated: 2025-08-29T03:55:24.370Z
Reserved: 2025-01-31T15:28:16.917Z
Link: CVE-2025-25010

Updated: 2025-08-28T18:19:07.344Z

Status : Awaiting Analysis
Published: 2025-08-28T16:15:34.460
Modified: 2025-08-29T16:24:29.730
Link: CVE-2025-25010


Updated: 2025-08-28T21:21:38Z