CVE-2025-25010 — Vulnetix

CVE-2025-25010 PUBLISHED CVSS 9.300000190734863 CRITICAL

Kibana privilege escalation via reporting_user role

EPSS 0.04% · 13.9th percentile

Risk Scores

CVSS 4.0

9.300000190734863

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS Score

0.04%

13.9th percentile

Affected Products

Vendor	Product	Versions
Bitnami	elk	9.1.0, 9.0.0, 9.0.0
Bitnami	kibana	9.0.0, 9.0.0, 9.1.0
Bitnami	elk	9.0.0, 9.1.0

Exploit Intelligence

CIRCL seen: CVE-2025-25010 (circl-sighting)
https://discuss.elastic.co/t/kibana-9-0-6-9-1-3-security-update-esa-2025-13/381426 (circl)

Timeline

Aug 28, 2025 Coalition ESS Score
Aug 28, 2025 CVE Published
Aug 29, 2025 EPSS Score
Sep 1, 2025 Coalition ESS Score
Sep 1, 2025 PoC Published
Sep 6, 2025 EPSS Score
Sep 13, 2025 EPSS Score
Sep 21, 2025 EPSS Score
Sep 29, 2025 EPSS Score
Oct 1, 2025 Coalition ESS Score
Oct 6, 2025 Coalition ESS Score
Oct 7, 2025 EPSS Score

References

Open in Interactive Console →

$ Console Community · 100/wk Open console ›