The flaw, rated 9.9 on the CVSS v3.1 scale, stems from a prototype pollution issue in Kibana's file upload handler and HTTP request processing. By injecting malicious payloads into these workflows, attackers can manipulate JavaScript object prototypes, a technique known as prototype pollution, to bypass security controls and execute arbitrary code. This attack vector is classified under CWE-1321 (Improper Control of Prototype-Based Attribute Modifications) and aligns with MITRE ATT&CK technique T1059 (Command and Scripting Interpreter). Elastic's advisory warns that exploitation is "trivial" for attackers with valid credentials, requiring no advanced tooling or reverse engineering.

Organizations using Kibana for security monitoring (via Elastic Security) face heightened risks, as attackers could disable alerts or manipulate threat-detection pipelines. Organizations that fail to patch risk regulatory penalties under GDPR and HIPAA, given Kibana's frequent processing of sensitive data. This incident underscores the critical need for real-time vulnerability monitoring in data analytics platforms.

Kaaviya is a Security Editor and fellow reporter with Cyber Security News. She covers various cyber security incidents happening in cyberspace.
This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 06 Mar 2025 10:55:44 +0000
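
To make the CWE-1321 class described above concrete, the following added example (not code from Kibana, Elastic, or the article, and not a reproduction of the Kibana flaw) shows a recursive merge that lets a JSON body reach `Object.prototype`, a hardened merge that does not, and a scanner that flags prototype-reaching keys in a parsed request body. All function names, the sample body and the `polluted` property are assumptions made for illustration.

```javascript
// Added example: names, payload and property "polluted" are constructed for illustration.
const FORBIDDEN = new Set(['__proto__', 'constructor', 'prototype']);
const isObj = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);
const own = (o, k) => Object.prototype.hasOwnProperty.call(o, k);

// Detection: list the paths of keys in a parsed JSON value that can reach a prototype.
function findPollutionKeys(value, path = '$') {
  if (value === null || typeof value !== 'object') return [];
  const hits = [];
  for (const key of Object.keys(value)) {
    if (FORBIDDEN.has(key)) hits.push(`${path}.${key}`);
    hits.push(...findPollutionKeys(value[key], `${path}.${key}`));
  }
  return hits;
}

// Weak form: target['__proto__'] resolves to Object.prototype, so the
// recursion writes caller-supplied properties onto every object.
function naiveMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (isObj(source[key]) && isObj(target[key])) naiveMerge(target[key], source[key]);
    else target[key] = source[key];
  }
  return target;
}

// Hardened form: skip forbidden keys and only descend into own properties.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN.has(key)) continue;
    const src = source[key];
    if (!isObj(src)) { target[key] = src; continue; }
    if (!own(target, key) || !isObj(target[key])) target[key] = Object.create(null);
    safeMerge(target[key], src);
  }
  return target;
}

// Run one merge and report whether Object.prototype was changed (then restore it).
function pollutes(mergeFn, body) {
  mergeFn({ theme: 'dark' }, JSON.parse(body));
  const changed = ({}).polluted === true;
  delete Object.prototype.polluted;
  return changed;
}

const SAMPLE_BODY = '{"theme":"light","__proto__":{"polluted":true}}'; // constructed
console.log(findPollutionKeys(JSON.parse(SAMPLE_BODY)));
console.log(pollutes(naiveMerge, SAMPLE_BODY), pollutes(safeMerge, SAMPLE_BODY));
```

The hardened merge also drops legitimate fields named `constructor` or `prototype`; where such field names are valid data, validate the body against a schema instead of filtering keys.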