Elastic has issued an urgent security advisory for a critical vulnerability in Kibana, tracked as CVE-2025-25012, that allows authenticated attackers to execute arbitrary code on affected systems. The flaw, rated 9.9 on the CVSS v3.1 scale, stems from a prototype pollution issue in Kibana’s file upload handler and HTTP request processing. Exploitation could lead to […]
The post Critical Kibana Vulnerability Let Attackers Execute Arbitrary Code appeared first on Cyber Security News.
A critical security vulnerability in LibreOffice tracked as CVE-2025-1080, has exposed millions of users to potential remote code execution attacks through manipulated macro URLs. Patched in versions 24.8.5 and 25.2.1 released on March 4, 2025, this flaw allowed attackers to bypass security protocols and execute arbitrary scripts via LibreOffice’s custom URI scheme. The vulnerability highlights […]
The post LibreOffice Vulnerability Let Attackers Execute Arbitrary Script Using Macro URL appeared first on Cyber Security News.