Kibana Cross-Site Scripting Vulnerability

MEDIUM (5.4) No Patch

Threat Intelligence

Low Risk
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found


What is it?

Kibana is a data visualization platform built on top of Elasticsearch. It allows users to create and share dashboards, visualize data, and perform various analytics tasks. The vulnerability in Kibana (CVE-2025-37732) arises from improper neutralization of input during web page generation, allowing an authenticated user to render HTML tags within a user's browser via the integration package upload functionality.

Am I affected?

You're affected if you use Kibana version 8.19.8 or earlier. To check your version, query the Kibana status API (depending on your configuration, the endpoint may require authentication):

curl -s https://kibana.example.com/api/status

The running version is reported in the version.number field of the JSON response.

If you don't recognize the name "Kibana," you're probably not affected. Kibana is a popular data visualization platform used by organizations to analyze and visualize their data.
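The version check above, written out as a small script (an added example, not part of the advisory or of Kibana itself): it reads a Kibana /api/status body, pulls version.number, and reports whether the instance is older than 8.19.9, the first release the advisory names as fixed. The sample status body and the function names are constructed for the example.

```python
"""Check a Kibana /api/status body against the CVE-2025-37732 fixed version."""
import json
import re
import sys
import urllib.request

FIXED_VERSION = (8, 19, 9)  # first release the advisory lists as fixed


def parse_version(number: str) -> tuple:
    """Turn '8.19.8' or '8.19.8-SNAPSHOT' into a comparable (major, minor, patch) tuple."""
    match = re.match(r"^(\d+)\.(\d+)\.(\d+)", number)
    if not match:
        raise ValueError(f"unrecognised Kibana version string: {number!r}")
    return tuple(int(part) for part in match.groups())


def is_affected(number: str) -> bool:
    """Affected means 8.19.8 or earlier, i.e. anything older than the fixed release."""
    return parse_version(number) < FIXED_VERSION


def check_status(status_json: str) -> dict:
    """Extract version.number from a /api/status response and classify it."""
    body = json.loads(status_json)
    number = body["version"]["number"]
    return {"version": number, "affected": is_affected(number)}


def fetch_status(base_url: str) -> str:
    """Fetch /api/status from a live instance; a 401 means the API needs credentials."""
    with urllib.request.urlopen(base_url.rstrip("/") + "/api/status") as resp:
        return resp.read().decode()


# Constructed sample body: only the version field matters for this check.
SAMPLE_STATUS = (
    '{"name": "kibana-1", "version": {"number": "8.19.8", "build_hash": "deadbeef"},'
    ' "status": {"overall": {"level": "available"}}}'
)

if __name__ == "__main__":
    # Pass a base URL (e.g. https://kibana.example.com) to check a live instance.
    raw = fetch_status(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_STATUS
    print(check_status(raw))
```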

Affected Products

Elastic / Kibana

How to fix

To fix this vulnerability, upgrade to Kibana version 8.19.9 or later. On Debian/Ubuntu you can do this from Elastic's apt repository by running the following commands in your terminal:

# Import Elastic's signing key into a dedicated keyring (apt-key is deprecated)
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
# Register the 8.x package repository, pinned to that keyring
echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-8.x.list
# Refresh the package index and install (or upgrade) Kibana
sudo apt-get update && sudo apt-get install kibana

Alternatively, you can download the fixed release from the official Kibana GitHub repository: https://github.com/elastic/kibana/releases/tag/v8.19.9

Immediate mitigations:
- Restrict network access to your Kibana instance (firewall it from the public internet)
- Audit admin account activity for suspicious access patterns
- Monitor for unauthorized token creation
