Do I need to upgrade?. Kibana 8.17.3 Security Update (ESA-2025-06)

Elastic Stack Elasticsearch
, ,
1

Hi Elastic Team Member, @ikakavas,

I have read the information from Ikakavas, I am very concerned about my system. But I also want to ask you some questions. Please help me answer my questions.

  • I am using ELK cluster version 7.9.0, So when upgrading, do I need to follow the roadmap (From 7.9.0 to 7.17.x and From 7.17.x to 8.x?)

  • Before upgrading, what is the most important data I need to backup?

  • If my internal version 7.9.0 is stable and does not have any serious security holes. Then follow the method you suggested " Set xpack.integration_assistant.enabled: false in Kibana's configuration. "

Hope to receive feedback from the Team soon.

2
3

I found out that kibana version 7.9.0 is not affected.

4

Hi @Nghia_D_ng

Yes if you want to use your existing cluster you must migrate to 7.17.x before migrating to 8.x

Once you get to 7.17.x you will want to run the Upgrade Assistant and fix all the critical issues at the very least

I mean this genuinely, if your data is important you should snapshot all of it... including the system indices...

1 Like
5

Sorry @stephenb ,
I want to know if ELK version 7.9.0 is affected by this ESA-2025-06 bug?

6

I can not interpret these announcements for you as there is a clear statement of Affected Versions in Kibana 8.17.3 Security Update (ESA-2025-06) announcement, you should look at that.

Version 7.9.0 is VERY VERY old you should check what CVEs exist for that version. Our normal advice would be to upgrade as a matter of urgency.