CVE-2025-68422

Source
https://cve.org/CVERecord?id=CVE-2025-68422
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68422.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-68422
Published
2025-12-18T23:15:49.873Z
Modified
2026-04-10T05:35:06.595925Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
[none]
Details

Improper Authorization (CWE-285) in Kibana can lead to privilege escalation (CAPEC-233) by allowing an authenticated user to bypass intended permission restrictions via a crafted HTTP request. This allows an attacker who lacks the live queries - read permission to successfully retrieve the list of live queries.

Affected packages

Git / github.com/elastic/kibana

Affected ranges

Type
GIT
Repo
https://github.com/elastic/kibana
Events
Database specific
{
    "versions": [
        {
            "introduced": "7.0.0"
        },
        {
            "last_affected": "7.17.29"
        },
        {
            "introduced": "8.0.0"
        },
        {
            "fixed": "8.19.7"
        },
        {
            "introduced": "9.0.0"
        },
        {
            "fixed": "9.1.7"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.2.0"
        }
    ]
}

Affected versions

7.*
7.0-known-good
v4.*
v4.0.0-beta1
v4.0.0-beta1.1
v4.0.0-beta2
v4.0.0-beta3
v4.2.0-beta1
v5.*
v5.0.0-alpha5
v6.*
v6.0.0-alpha1
v6.0.0-alpha2
v7.*
v7.0.0-alpha1
v7.0.0-alpha2
v7.16.0
v7.16.1
v7.17.0
v7.17.1
v7.17.10
v7.17.11
v7.17.12
v7.17.13
v7.17.14
v7.17.15
v7.17.16
v7.17.17
v7.17.18
v7.17.19
v7.17.2
v7.17.20
v7.17.21
v7.17.22
v7.17.23
v7.17.24
v7.17.25
v7.17.26
v7.17.27
v7.17.28
v7.17.29
v7.17.3
v7.17.4
v7.17.5
v7.17.6
v7.17.7
v7.17.8
v7.17.9
v8.*
v8.0.0-alpha1
v8.0.0-alpha2
v8.19.0
v8.19.1
v8.19.2
v8.19.3
v8.19.4
v8.19.5
v8.19.6
v9.*
v9.1.0
v9.1.1
v9.1.2
v9.1.3
v9.1.4
v9.1.5
v9.1.6
v9.2.0