New Kibana Vulnerabilities Allow Attackers to Embed Malicious Scripts

Elastic has released critical security updates to address a dangerous cross-site scripting (XSS) vulnerability affecting multiple versions of Kibana.

The vulnerability, tracked as CVE-2025-68385,…