CVE-2025-37734

Description

Origin Validation Error in Kibana can lead to Server-Side Request Forgery via a forged Origin HTTP header processed by the Observability AI Assistant.

PUBLISHED Reserved 2025-04-16 | Published 2025-11-12 | Updated 2025-11-12 | Assigner elastic

Problem types

CWE-346 Origin Validation Error

Product status

References

discuss.elastic.co/...2-1-security-update-esa-2025-24/383381

cve.org (CVE-2025-37734)

nvd.nist.gov (CVE-2025-37734)

Download JSON