CVE-2025-25012 action required?

Hi,
Enterprise 1.59.0_es8.15.1

Is this something that also impacts when using ROR or not?

Thanks for checking.

Hi,

As I see there is no public exploit or POC available right now, but based on this post: Kibana 8.17.3 Security Update (ESA-2025-06) - Security Announcements - Discuss the Elastic Stack

In Kibana versions >= 8.15.0 and < 8.17.1, this is exploitable by users with the Viewer role.

In Kibana versions 8.17.1 and 8.17.2, this is only exploitable by users that have roles that contain all the following privileges: fleet-all, integrations-all, actions:execute-advanced-connectors

In the ReadonlyREST plugin, these above conditions won’t be met, however since we don’t know the attack vector, I would recommend following elastic team recommendations:

Users should upgrade to Kibana version 8.17.3.
For users that cannot upgrade:
Set xpack.integration_assistant.enabled: false in Kibana’s configuration.

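As an added triage helper (not code from the thread, ReadonlyREST or Elastic), the following applies the version ranges and the workaround quoted in the reply above to a Kibana version string and to the text of kibana.yml. The `_es<version>` build-string parsing and the minimal top-level `key: value` scan of kibana.yml are assumptions made here, not documented formats.

```python
# Added example: classify a Kibana deployment against the CVE-2025-25012 ranges
# quoted in the reply (ESA-2025-06) and detect the documented workaround flag.
import re

FIXED = (8, 17, 3)            # fixed release named in the advisory
AFFECTED_FROM = (8, 15, 0)    # first affected version
# Versions where exploitation needs fleet-all, integrations-all and
# actions:execute-advanced-connectors rather than just the Viewer role.
ESCALATED = {(8, 17, 1), (8, 17, 2)}
MITIGATION_KEY = "xpack.integration_assistant.enabled"


def parse_version(text):
    """'8.15.1' -> (8, 15, 1); also accepts a ROR build string such as
    '1.59.0_es8.15.1' (assumption: the stack version follows '_es')."""
    m = re.search(r"(?:^|_es)(\d+)\.(\d+)\.(\d+)$", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def mitigation_present(kibana_yml):
    """True if kibana.yml sets the workaround key to false at top level.
    '#' comments are stripped first, so a commented-out line does not count."""
    for line in kibana_yml.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line.startswith(MITIGATION_KEY):
            continue
        key, _, value = line.partition(":")
        if key.strip() == MITIGATION_KEY and value.strip().lower() == "false":
            return True
    return False


def assess(version_text, kibana_yml=""):
    v = parse_version(version_text)
    if v >= FIXED:
        return "fixed: Kibana >= 8.17.3"
    if v < AFFECTED_FROM:
        return "not in the affected range (< 8.15.0)"
    if mitigation_present(kibana_yml):
        return "affected version, workaround applied: upgrade to 8.17.3 when possible"
    if v in ESCALATED:
        return "affected: exploitable only by roles holding fleet-all, integrations-all and actions:execute-advanced-connectors"
    return "affected: exploitable by Viewer-role users; upgrade to 8.17.3 or set xpack.integration_assistant.enabled: false"


if __name__ == "__main__":
    # Constructed sample: the workaround line is commented out, so it does not apply.
    sample_yml = "server.port: 5601\n# xpack.integration_assistant.enabled: false\n"
    print(assess("1.59.0_es8.15.1", sample_yml))
```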