Elastic Archives • Daily CyberSecurity

Elastic Patches Two Kibana Flaws — SSRF (CVE-2025-37734) and XSS (CVE-2025-59840) Flaws Affect Multiple Versions CVE-2024-37288 and CVE-2024-37285 Kibana XSS SSRF, Vega Vulnerability

CVE-2024-37288 and CVE-2024-37285 Kibana XSS SSRF, Vega Vulnerability

Elastic Patches Two Kibana Flaws — SSRF (CVE-2025-37734) and XSS (CVE-2025-59840) Flaws Affect Multiple Versions

Ddos November 13, 2025

Elastic has issued two security advisories addressing two vulnerabilities in Kibana, the visualization and analytics dashboard component...

Elastic Patches High-Severity Privilege Escalation Flaw in Elastic Cloud Enterprise (CVE-2025-37736) Elastic Security Update CVE-2026-0532 Elastic Defend Arbitrary Delete, SYSTEM Privilege Escalation ECE Readonly EoP, Improper Authorization Elastic XSS, Kibana Vulnerabilities Elastic LPE, Observability Tools Vulnerabilities

Elastic Patches High-Severity Privilege Escalation Flaw in Elastic Cloud Enterprise (CVE-2025-37736)

Ddos November 3, 2025

Elastic has issued a security advisory addressing a high-severity vulnerability (CVE-2025-37736, CVSS 8.8) in Elastic Cloud Enterprise...

Critical Elastic Cloud Flaw: CVE-2025-37729 (CVSS 9.1) Allows RCE via Jinjava Template Injection ECE Jinjava Injection, CVE-2025-37729

Critical Elastic Cloud Flaw: CVE-2025-37729 (CVSS 9.1) Allows RCE via Jinjava Template Injection

Ddos October 14, 2025

Elastic has released urgent security updates for Elastic Cloud Enterprise (ECE) to patch a critical vulnerability (CVE-2025-37729)...

Elastic Fixes Multiple High-Severity Vulnerabilities in Kibana and Elasticsearch Elastic Security Update CVE-2026-0532 Elastic Defend Arbitrary Delete, SYSTEM Privilege Escalation ECE Readonly EoP, Improper Authorization Elastic XSS, Kibana Vulnerabilities Elastic LPE, Observability Tools Vulnerabilities

Elastic Fixes Multiple High-Severity Vulnerabilities in Kibana and Elasticsearch

Ddos October 7, 2025

Elastic has issued five security advisories addressing five vulnerabilities affecting its Kibana and Elasticsearch components, including three...

Elastic APM Server & Beats Have Local Privilege Escalation Flaws Elastic Security Update CVE-2026-0532 Elastic Defend Arbitrary Delete, SYSTEM Privilege Escalation ECE Readonly EoP, Improper Authorization Elastic XSS, Kibana Vulnerabilities Elastic LPE, Observability Tools Vulnerabilities

Elastic APM Server & Beats Have Local Privilege Escalation Flaws

Ddos July 30, 2025

Elastic has issued patches for two local privilege escalation (LPE) vulnerabilities affecting its popular observability tools—APM Server...

High-Severity Flaw in Kibana: Unauthorized Access Possible in Synthetic Monitoring! Kibana Vulnerability, Elastic Security

High-Severity Flaw in Kibana: Unauthorized Access Possible in Synthetic Monitoring!

Ddos June 11, 2025

Elastic has disclosed a high-severity vulnerability (CVE-2024-43706) affecting its Kibana observability platform, specifically in the Synthetic Monitoring...

CVE-2025-25014 (CVSS 9.1): Prototype Pollution in Kibana Opens Door to Code Execution CVE-2024-43707 Kibana vulnerability Prototype pollution CVE-2025-25014

CVE-2024-43707 Kibana vulnerability Prototype pollution CVE-2025-25014

CVE-2025-25014 (CVSS 9.1): Prototype Pollution in Kibana Opens Door to Code Execution

Ddos May 7, 2025

Elastic has issued a critical security advisory for Kibana, warning users of a vulnerability tracked as CVE-2025-25014....

CVE-2025-25015 (CVSS 9.9): Critical Code Execution Vulnerability Patched in Elastic Kibana

Ddos March 5, 2025

Elastic has released a security update to address a critical vulnerability in Kibana, its popular data visualization...

CVE-2024-52975 (CVSS 9.0): Fleet Server Update Patches Critical Information Exposure Vulnerability

Ddos January 26, 2025

Elastic has released a critical security update for Fleet Server, a key component of its Elastic Agent...