Security Advisory

CVE-2025-68422

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-18 22:32:17

Last updated 2025-12-19 15:37:15

Assigner elastic

State PUBLISHED

Description

Improper Authorization (CWE-285) in Kibana can lead to privilege escalation (CAPEC-233) by allowing an authenticated user to bypass intended permission restrictions via a crafted HTTP request. This allows an attacker who lacks the live queries - read permission to successfully retrieve the list of live queries.

← Browse all CVEs View on cve.org ↗