Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution


Elastic has patched a critical prototype pollution vulnerability (CVE-2025-25012, CVSS 9.9) in Kibana, allowing arbitrary code execution via crafted file uploads and HTTP requests. The flaw affects versions 8.15.0 to 8.17.3, with fixes in 8.17.3. Exploitation depends on user roles, with mitigation available via disabling the Integration Assistant feature. Elastic previously addressed similar high-severity flaws in 2024, highlighting ongoing security concerns. Users are urged to update immediately.
