Kibana 8.19.9, 9.1.9, and 9.2.3 Security Update (ESA-2025-36)

ismisepaul · December 18, 2025, 9:26pm

Kibana Allocation of Resources Without Limits or Throttling (ESA-2025-36)

Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana can allow a low-privileged authenticated user to cause Excessive Allocation (CAPEC-130) of computing resources and a denial of service (DoS) of the Kibana process via a crafted HTTP request.

Affected Versions:

7.x: All versions
8.x: All versions from 8.0.0 up to and including 8.19.8
9.x:
- All versions from 9.0.0 up to and including 9.1.8
- All versions from 9.2.0 up to and including 9.2.2

Solutions and Mitigations:

The issue is resolved in version 8.19.9, 9.1.9, and 9.2.3.

Severity: CVSSv3.1: 6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE ID: CVE-2025-68389

Topic	Replies	Views
Kibana 7.17.23/8.15.0 Security Updates (ESA-2024-32, ESA-2024-33) Security Announcements	2221	January 23, 2025
Kibana 7.17.23 and 8.14.2 Security Update (ESA-2024-26) Security Announcements	1291	January 21, 2025
Kibana 8.19.7, 9.1.7, and 9.2.1 Security Update (ESA-2025-39) Security Announcements	85	December 18, 2025
Kibana 7.17.23 and 8.15.1 Security Update (ESA-2024-36) Security Announcements	1040	April 8, 2025
Kibana 8.19.8, 9.1.8, and 9.2.2 Security Update (ESA-2025-38) Security Announcements	71	December 18, 2025

Kibana 8.19.9, 9.1.9, and 9.2.3 Security Update (ESA-2025-36)

Related topics