CVE-2025-25012
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-25012
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-25012.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-25012
- Aliases
- Published
- 2025-06-25T12:15:19.920Z
- Modified
- 2025-12-02T21:00:21.299028Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
URL redirection to an untrusted site ('Open Redirect') in Kibana can lead to sending a user to an arbitrary site and server-side request forgery via a specially crafted URL.
- References
Affected packages
Git / github.com/elastic/elasticsearch
Database specific
vanir_signatures
[
{
"source": "https://github.com/elastic/elasticsearch/commit/580aff1a0064ce4c93293aaab6fcc55e22c10d1c",
"signature_version": "v1",
"id": "CVE-2025-25012-27c0ea2c",
"deprecated": false,
"digest": {
"line_hashes": [
"325346763520944012913154789921944685178",
"61552211637263319266280212069306163976",
"238965232618491914774102510476003231761",
"91842554885795545908575250797740073380",
"41186032155842938062122952139992001177",
"26650412168015143841783692789907731833",
"156855889974115839096909303362391651478",
"5255688417597662836316466950746456815",
"267688007740415870942430918212022655160",
"123593297690308739122442988051348431664",
"207083930239604338592887667635525018029",
"285979066839997041627241454323751656105",
"89817169799828182270847485303899076995",
"259726165486981002704425065102702119655",
"228443004802496231376269442754123243387",
"110553570186771583072883260970124481256",
"159259824297904330471361141933251778658",
"15965688380580672478116053669808152101",
"33955976224007740005314928988632842514",
"189421514390395652693360186541539881292",
"235537949590647007651887994723552170873",
"160154105448877168464243405801723143273"
],
"threshold": 0.9
},
"target": {
"file": "build-tools/src/main/java/org/elasticsearch/gradle/plugin/PluginBuildPlugin.java"
},
"signature_type": "Line"
},
{
"source": "https://github.com/elastic/elasticsearch/commit/580aff1a0064ce4c93293aaab6fcc55e22c10d1c",
"signature_version": "v1",
"id": "CVE-2025-25012-53cfa8b6",
"deprecated": false,
"digest": {
"length": 872.0,
"function_hash": "217069498392094122099161240975043925563"
},
"target": {
"file": "build-tools/src/main/java/org/elasticsearch/gradle/plugin/PluginBuildPlugin.java",
"function": "configurePublishing"
},
"signature_type": "Function"
},
{
"source": "https://github.com/elastic/elasticsearch/commit/580aff1a0064ce4c93293aaab6fcc55e22c10d1c",
"signature_version": "v1",
"id": "CVE-2025-25012-7365feaf",
"deprecated": false,
"digest": {
"line_hashes": [
"270464534409354986261763716525045464983",
"227207832886699725163045304921806508418",
"82592531520277924985580254628226686204",
"116285117003426191198584459082216742860",
"63126585333495968821346326973767482129",
"281915879393945016910658230161970023819",
"158179363007626669286354249716512138616",
"255192158583294586491439740642803969954"
],
"threshold": 0.9
},
"target": {
"file": "build-conventions/src/main/java/org/elasticsearch/gradle/internal/conventions/PublishPlugin.java"
},
"signature_type": "Line"
},
{
"source": "https://github.com/elastic/elasticsearch/commit/580aff1a0064ce4c93293aaab6fcc55e22c10d1c",
"signature_version": "v1",
"id": "CVE-2025-25012-d3514893",
"deprecated": false,
"digest": {
"length": 1603.0,
"function_hash": "189731854327035424288987977333441591101"
},
"target": {
"file": "build-conventions/src/main/java/org/elasticsearch/gradle/internal/conventions/PublishPlugin.java",
"function": "configurePublications"
},
"signature_type": "Function"
}
]