Elastic has released a security advisory detailing a medium-severity vulnerability in the Kibana CrowdStrike Connector that could allow the exposure of sensitive credentials.
The flaw, tracked as CVE-2025-37728, affects multiple versions of Kibana and could allow a malicious user to access cached CrowdStrike credentials from other users within the same environment.
The vulnerability underscores the security risks associated with interconnected platforms and the importance of timely updates.
Vulnerability Details and Impact
The security flaw, identified as “Insufficiently Protected Credentials in the Crowdstrike connector,” has a CVSSv3.1 score of 5.4, rating it as a medium-severity issue.
According to Elastic’s security advisory, a malicious user with access to one space in a Kibana instance can create and run a new CrowdStrike connector.
This action allows them to access cached credentials from an existing CrowdStrike connector running in a different space.
The vulnerability essentially allows unauthorized cross-workspace access to sensitive API credentials used for communication between Kibana and the CrowdStrike Management Console.
Successful exploitation could lead to the leakage of credentials, potentially allowing an attacker to interact with the CrowdStrike platform with the privileges of the compromised account.
The vulnerability affects a wide range of Kibana versions across multiple release lines. This includes all versions of 7.x up to 7.17.29, versions 8.14.0 through 8.18.7, versions 8.19.0 through 8.19.4, versions 9.0.0 through 9.0.7, and versions 9.1.0 through 9.1.4.
Any Kibana instance that uses the CrowdStrike connector within these version ranges is considered vulnerable. Elastic has addressed the issue in versions 8.18.8, 8.19.5, 9.0.8, and 9.1.5. The company strongly advises users to upgrade to one of these patched releases to resolve the security gap.
Notably, Elastic has stated that there are no workarounds available for users who cannot immediately upgrade, making patching the only viable solution.
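The version ranges and fixed releases above can be turned into a triage check for a fleet of Kibana instances. The following is an added example, not code from Elastic or the advisory: the inventory format and host names are constructed, the connector type id `.crowdstrike` is an assumption, and "up to" and "through" are read as inclusive bounds.

```python
import re

# Inclusive affected ranges and the fixed release per line, taken from the
# article. No 7.x fix is named there, so that entry carries None.
AFFECTED = [
    ((7, 0, 0), (7, 17, 29), None),
    ((8, 14, 0), (8, 18, 7), "8.18.8"),
    ((8, 19, 0), (8, 19, 4), "8.19.5"),
    ((9, 0, 0), (9, 0, 7), "9.0.8"),
    ((9, 1, 0), (9, 1, 4), "9.1.5"),
]
CROWDSTRIKE_TYPE = ".crowdstrike"  # assumed connector type id, not from the article


def parse_version(text):
    """Return (major, minor, patch); suffixes such as -SNAPSHOT are ignored."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised Kibana version: {text!r}")
    return tuple(int(part) for part in m.groups())


def assess(version, connectors):
    """Flag an instance as exposed when it is in range AND has the connector."""
    v = parse_version(version)
    spaces = sorted({c["space"] for c in connectors
                     if c["connector_type_id"] == CROWDSTRIKE_TYPE})
    for low, high, fixed in AFFECTED:
        if low <= v <= high:
            return {"in_range": True, "exposed": bool(spaces),
                    "fixed_in": fixed, "crowdstrike_spaces": spaces}
    return {"in_range": False, "exposed": False,
            "fixed_in": None, "crowdstrike_spaces": spaces}


# Constructed inventory: version plus connectors gathered from every space.
INVENTORY = {
    "kibana-prod": ("8.18.7", [{"space": "soc", "connector_type_id": ".crowdstrike"},
                               {"space": "dev", "connector_type_id": ".slack"}]),
    "kibana-lab": ("9.1.4", [{"space": "default", "connector_type_id": ".email"}]),
    "kibana-new": ("8.18.8", [{"space": "soc", "connector_type_id": ".crowdstrike"}]),
}

if __name__ == "__main__":
    for name, (version, connectors) in INVENTORY.items():
        print(name, version, assess(version, connectors))
```

An instance reported as in range but not exposed still needs the upgrade; it is simply lower priority than one where a CrowdStrike connector already holds credentials.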
The Kibana CrowdStrike connector is designed to facilitate the seamless integration of data between the CrowdStrike Falcon platform and Elastic, enabling automated incident correlation and telemetry onboarding.
The credentials leaked by this vulnerability are used to authenticate with the CrowdStrike REST API, making their protection critical for maintaining security posture across both platforms.
The advisory (ESA-2025-19) was part of a larger security update from Elastic that addressed several other vulnerabilities in Kibana and Elasticsearch.
Given that no other mitigation exists, administrators of affected Kibana deployments are urged to prioritize the update to prevent potential credential theft and subsequent misuse.
Elastic emphasizes the importance of timely updates and configuration reviews to reduce exposure to such threats.