Multiple Kibana Vulnerabilities Enables SSRF and XSS Attacks

Elastic Security has disclosed critical vulnerabilities affecting Kibana that could enable attackers to execute Server-Side Request Forgery (SSRF) and Cross-Site Scripting (XSS) attacks against vulnerable deployments. The vulnerabilities stem from inadequate origin validation in the Observability AI Assistant component. The primary vulnerability, tracked as CVE-2025-37734 under Elastic Security Advisory ESA-2025-24, involves an origin validation error in Kibana. […]

The post Multiple Kibana Vulnerabilities Enables SSRF and XSS Attacks appeared first on Cyber Security News.
