CVE-2025-68422

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-68422
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68422.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-68422
Aliases
Published
2025-12-18T23:15:49.873Z
Modified
2025-12-25T03:44:59.573405Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
[none]
Details

Improper Authorization (CWE-285) in Kibana can lead to privilege escalation (CAPEC-233) by allowing an authenticated user to bypass intended permission restrictions via a crafted HTTP request. This allows an attacker who lacks the live queries - read permission to successfully retrieve the list of live queries.

References

Affected packages

Git / github.com/elastic/elasticsearch

Affected ranges

Type
GIT
Repo
https://github.com/elastic/elasticsearch
Events

Database specific

vanir_signatures

[
    {
        "digest": {
            "line_hashes": [
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "x-pack/plugin/transform/qa/single-node-tests/src/javaRestTest/java/org/elasticsearch/xpack/transform/integration/TransformPivotRestIT.java"
        },
        "source": "https://github.com/elastic/elasticsearch/commit/198d86868932741b4e0d184425510217febc27d1",
        "signature_type": "Line",
        "id": "CVE-2025-68422-02111b81"
    },
    {
        "digest": {
            "function_hash": "244227877865042808261390982377746257537",
            "length": 641.0
        },
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "value",
            "file": "x-pack/plugin/transform/src/main/java/org/elasticsearch/xpack/transform/transforms/pivot/AggregationResultUtils.java"
        },
        "source": "https://github.com/elastic/elasticsearch/commit/198d86868932741b4e0d184425510217febc27d1",
        "signature_type": "Function",
        "id": "CVE-2025-68422-1dbb4604"
    },
    {
        "digest": {
            "line_hashes": [
                "709843642339146015468947825752612345",
                "52503817861039737041756639012120089787",
                "318690857755301201023824454478332786821",
                "129113998543793770165379391235766623996"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "x-pack/plugin/transform/src/main/java/org/elasticsearch/xpack/transform/transforms/pivot/AggregationResultUtils.java"
        },
        "source": "https://github.com/elastic/elasticsearch/commit/198d86868932741b4e0d184425510217febc27d1",
        "signature_type": "Line",
        "id": "CVE-2025-68422-4c1779e9"
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68422.json"

Git / github.com/elastic/kibana

Affected ranges

Type
GIT
Repo
https://github.com/elastic/kibana
Events

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68422.json"