Q rel ESA-2025-06

fizek · March 11, 2025, 9:46am

ESA-2025-06 is a security advisory about a prototype pollution vulnerability. This avisory references the following CVE ID : CVE-2025-25012

Is self-hosted kibana in enterprise version affected?
It is not clear in above advisory.

Thank you.

carly.richmond · March 11, 2025, 9:54am

Hi @fizek,

Welcome to the community! To confirm are you running a self-hosted Kibana instance running with an enterprise license? Which version are you running?

fizek · March 11, 2025, 10:00am

Yes, i'm running a self-hosted Kibana instance with an enterprise license in version 8.17.1.

I wonder do I need to upgrade whole stack to latest 8.17.3.

carly.richmond · March 11, 2025, 10:26am

No worries @fizek. Let me follow up internally and confirm. I'll keep you posted.

carly.richmond · March 11, 2025, 1:17pm

Hi @fizek,

I've followed up and since you have an enterprise version we recommend either upgrading or following the xpack.integration_assistant.enabled: false remediation as covered in the announcement here.

Hope that helps!

fizek · March 11, 2025, 2:08pm

I know I already marked your answer as the solution, but I have an additional (related) question.

What does xpack.integration_assistant.enabled: false actually do? I couldn't find anything relevant in the documentation.

Ahmed_Khan · March 12, 2025, 5:56am

Topic		Replies	Views
Question related to ESA-2025-06 (security advisory) Elastic Security	1	482	March 7, 2025
ELK Security Kibana	6	124	August 26, 2024
Elastic 7.17.9, 8.5.0 and 8.6.1 Security Update Security Announcements	0	15064	February 3, 2023
Kibana arbitrary code execution (ESA-2023-07) Does this affect Elasticsearch 8.5.2 with Kibana 8.5.2 Kibana docker	1	197	October 19, 2023
Kibana 8.17.3 Security Update (ESA-2025-06) Security Announcements	0	10689	March 5, 2025

Q rel ESA-2025-06

Related topics