March 24, 2025

March 24, 2025

Critical Chrome Vulnerability Allows Attackers to Execute Arbitrary Code

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

March 24, 2025

Multiple GitLab Products Vulnerabilities

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

March 24, 2025

SvcStealer Malware Targeting Users to Extract Sensitive Data from Browsers and Applications – Active IOCs

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

March 24, 2025

Critical Chrome Vulnerability Allows Attackers to Execute Arbitrary Code

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

March 24, 2025

Multiple GitLab Products Vulnerabilities

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

March 24, 2025

SvcStealer Malware Targeting Users to Extract Sensitive Data from Browsers and Applications – Active IOCs

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

Multiple Microsoft Products Zero-Day Vulnerabilities Exploit in the Wild

March 12, 2025

CISA Warns of Active Exploitation of Critical Ivanti EPM Vulnerabilities

March 12, 2025

CVE-2025-25015 – Elastic Kibana Vulnerability

March 12, 2025

Severity

High

Analysis Summary

CVE-2025-25015

Prototype pollution in Kibana leads to arbitrary code execution via a crafted file upload and specifically crafted HTTP requests. In Kibana versions >= 8.15.0 and < 8.17.1, this is exploitable by users with the Viewer role. In Kibana versions 8.17.1 and 8.17.2 , this is only exploitable by users that have roles that contain all the following privileges: fleet-all, integrations-all, actions:execute-advanced-connectors.

Impact

Code Execution

Indicators of Compromise

CVE

CVE-2025-25015

Affected Vendors

Elastic

Affected Products

Elastic Kibana - 8.15.0

Remediation

Refer to Elastic Security Advisory for patch, upgrade, or suggested workaround information.

Elastic Security Advisory

Platform

Managed Security Services

Assess

Transform

Train

Respond

Resources

Threat Insights

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Assess

Transform

Train

Respond

Resources

Threat Insights

Our Leadership

CSR

Connect with Us

Multiple Microsoft Products Zero-Day Vulnerabilities Exploit in the Wild

CISA Warns of Active Exploitation of Critical Ivanti EPM Vulnerabilities

Multiple Microsoft Products Zero-Day Vulnerabilities Exploit in the Wild

CISA Warns of Active Exploitation of Critical Ivanti EPM Vulnerabilities

Severity

High

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation