What the vulnerability does
01Description
Incorrect authorization in Kibana can lead to privilege escalation via the built-in reporting_user role which incorrectly has the ability to access all Kibana Spaces.
CVE-2025-25010
MEDIUM
CVE-2025-25010: Kibana privilege escalation via reporting_user role
CVSS base score
6.5/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Key dates
02Disclosure timeline
August 28, 2025
CVE published
February 26, 2026
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-15322 Tanium addressed an improper access controls vulnerability in Tanium Server.
CVE-2023-1979 Auth bypass in Web Stories for WordPress plugin
CVE-2020-25239
CVE-2023-3509 Incorrect Authorization in GitLab
CVE-2026-22892 Insufficient Authorization in Mattermost Jira Plugin Allows Unauthorized Access to Post Attachments
