Kibana 8.19.7, 9.1.7, and 9.2.1 Security Update (ESA-2025-24)

Kibana Origin Validation Error (ESA-2025-24)

Origin Validation Error in Kibana can lead to Server-Side Request Forgery via a forged Origin HTTP header processed by the Observability AI Assistant.

Affected Versions:

  • 8.12.0 up to and including 8.19.6
  • 9.1.0 up to and including 9.1.6
  • 9.2.0

Affected Configurations:

Deployments using the Observability AI Assistant.

Solutions and Mitigations:

Users should upgrade to version 8.19.7, 9.1.7, or 9.2.1.
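
A version triage for the ranges listed above, as an added example that is not part of Elastic's advisory. The inventory rows, host names and the assistant-in-use flag are constructed assumptions, and build suffixes such as -SNAPSHOT are ignored when comparing.

```python
import re

# Affected ranges from ESA-2025-24: (first affected, last affected, fixed release).
AFFECTED = [
    ((8, 12, 0), (8, 19, 6), "8.19.7"),
    ((9, 1, 0), (9, 1, 6), "9.1.7"),
    ((9, 2, 0), (9, 2, 0), "9.2.1"),
]
# Assumption: a build suffix ("-SNAPSHOT", "+build") does not change the verdict.
_VERSION = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$")

def parse_version(text):
    """Turn '8.19.6' into (8, 19, 6); raise ValueError on anything else."""
    match = _VERSION.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised Kibana version: {text!r}")
    return tuple(int(part) for part in match.groups())

def fixed_release_for(version):
    """Return the release that fixes `version`, or None if it is not listed."""
    parsed = parse_version(version)
    for first, last, fix in AFFECTED:
        if first <= parsed <= last:
            return fix
    return None  # outside the listed ranges: the advisory does not name it

def triage(inventory):
    """Classify (host, version, assistant_in_use) rows; the flag is operator-supplied."""
    results = []
    for host, version, assistant_in_use in inventory:
        try:
            fix = fixed_release_for(version)
        except ValueError:
            results.append((host, "unknown-version", None))
            continue
        if fix is None:
            status = "not-listed"
        else:
            status = "affected" if assistant_in_use else "affected-version-assistant-unused"
        results.append((host, status, fix))
    return results

SAMPLE = [  # constructed inventory, not real hosts
    ("kibana-a.example", "8.19.6", True), ("kibana-b.example", "9.2.0", False),
    ("kibana-c.example", "9.1.7", True), ("kibana-d.example", "latest", True),
]

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

Rows reported as unknown-version need a manual check, since a tag like "latest" says nothing about the release actually running.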

Elastic Cloud Serverless

Due to our continuous deployment and patching model, the vulnerability described in this security advisory was remediated in our Elastic Cloud Serverless offering before the public disclosure.

Severity: CVSSv3.1: 4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CVE ID: CVE-2025-37734