Root.io


Root Moves Fast: Immediate Fix for Kibana CVE-2025-25015

Root has once again demonstrated its commitment to rapid security response by being among the first to provide a fix for CVE-2025-25015, a critical prototype pollution vulnerability affecting Kibana. Our starter Kibana image was released at 7:30 AM GMT on Saturday, March 8, built on the upstream image at the fixed version, so our customers were protected before many environments had rolled the upstream upgrade out.

Understanding CVE-2025-25015

Elastic recently disclosed CVE-2025-25015, a critical (CVSS score 9.9) vulnerability affecting Kibana versions 8.15.0 through 8.17.2; it is fixed in 8.17.3. The flaw is a prototype pollution bug reachable via a crafted file upload combined with specially crafted HTTP requests: an attacker-controlled key such as __proto__ is written into a JavaScript object, the injected property is inherited by every other object in the process, and that control over shared object state is then turned into arbitrary code execution on the Kibana server, with data exposure and privilege escalation as consequences.

Affected Versions:

  • Kibana 8.15.0 – 8.17.2 (all affected versions; 8.17.3 contains the fix)
  • Kibana 8.15.0 up to, but not including, 8.17.1: exploitable by users holding only the Viewer role
  • Kibana 8.17.1 and 8.17.2: exploitable only by users whose roles include all of the fleet-all, integrations-all, and actions:execute-advanced-connectors privileges

Elastic released a security update addressing this issue in Kibana 8.17.3 on March 5 at 9:41 AM UTC. Full details are available in their advisory: Kibana 8.17.3 Security Update.

Root’s Immediate Response

Rather than waiting for upgrades that can take time to roll out across different environments, Root delivered an immediate release of its Kibana image built on the upstream image at the fixed version for CVE-2025-25015, at 7:30 AM GMT on March 8. That is within 2 days and 22 hours of Elastic's security advisory.

Why This Matters:

  • Zero-Downtime Protection: No need to take down production systems to rebuild vulnerable images; the fixed image is ready to pull.
  • Faster Than Traditional Patching: While organizations work through their own upgrade and rebuild cycles, Root customers are already protected.
  • Seamless CI/CD Integration: The fix is applied automatically to the container images your pipeline pulls, ensuring security at every stage of deployment.

What You Should Do

If You Use Root

You’re already protected. Our automated patching system has secured all affected images against CVE-2025-25015. No manual intervention is required beyond pulling the updated image and redeploying: a running container built from a pre-fix image stays vulnerable until it is replaced.

If You’re Not Using Root

Start using Root to take advantage of Automated Vulnerability Remediation (AVR).

Manual fix

  • Upgrade to Kibana 8.17.3 immediately.
  • If immediate patching isn’t an option, set the following configuration in kibana.yml and restart Kibana (this disables the Integration Assistant feature, which is where the vulnerable code path lives; it is a workaround, not a fix):
    xpack.integration_assistant.enabled: false
  • Monitor security advisories from Elastic and apply updates as they become available.
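As an added example (not code from the Root.io post or from Elastic), the following POSIX shell script classifies a Kibana version against the version ranges listed above and checks whether a kibana.yml contains the interim workaround. The function names and the sample kibana.yml it writes are constructed for the example; the version classification follows the ranges in Elastic's advisory.

```shell
#!/bin/sh
# Added example: classify a Kibana version against the CVE-2025-25015 ranges
# and check kibana.yml for the interim workaround. Not Root's or Elastic's code.

# version_le A B: succeed if dotted numeric version A <= B (e.g. 8.17.1 <= 8.17.2).
# Pre-release suffixes such as "-SNAPSHOT" are not handled.
version_le() {
  a=$1; b=$2
  while [ -n "$a" ] || [ -n "$b" ]; do
    ai=${a%%.*}; bi=${b%%.*}
    case $a in *.*) a=${a#*.} ;; *) a= ;; esac
    case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    [ "${ai:-0}" -lt "${bi:-0}" ] && return 0
    [ "${ai:-0}" -gt "${bi:-0}" ] && return 1
  done
  return 0
}

# cve_2025_25015_status VERSION: print one of
#   not-affected        (< 8.15.0)
#   viewer-exploitable  (8.15.0 <= v < 8.17.1, Viewer role suffices)
#   privileged-only     (8.17.1 and 8.17.2, needs fleet-all + integrations-all
#                        + actions:execute-advanced-connectors)
#   fixed               (>= 8.17.3)
cve_2025_25015_status() {
  v=$1
  if ! version_le 8.15.0 "$v"; then echo not-affected; return 0; fi
  if version_le 8.17.3 "$v";   then echo fixed;        return 0; fi
  if version_le 8.17.1 "$v";   then echo privileged-only; return 0; fi
  echo viewer-exploitable
}

# workaround_present FILE: succeed if kibana.yml has an uncommented
# "xpack.integration_assistant.enabled: false" line.
workaround_present() {
  grep -Eq '^[[:space:]]*xpack\.integration_assistant\.enabled:[[:space:]]*false[[:space:]]*$' "$1"
}

# assess VERSION FILE: print a one-line verdict combining both checks.
assess() {
  status=$(cve_2025_25015_status "$1")
  case $status in
    fixed|not-affected)
      echo "$1: $status" ;;
    *)
      if workaround_present "$2"; then
        echo "$1: $status, workaround applied (still upgrade to 8.17.3)"
      else
        echo "$1: $status, NO workaround: upgrade to 8.17.3 or disable the Integration Assistant"
      fi ;;
  esac
}

# Constructed sample kibana.yml for a stand-alone run (hypothetical content).
sample_yml=$(mktemp)
cat > "$sample_yml" <<'EOF'
server.port: 5601
# xpack.integration_assistant.enabled: false   <- commented out, does not count
elasticsearch.hosts: ["http://localhost:9200"]
EOF

assess 8.16.2 "$sample_yml"
assess 8.17.2 "$sample_yml"
assess 8.17.3 "$sample_yml"
rm -f "$sample_yml"
```

In a real environment, take the version from the running container (for example the image tag or the `version` field of Kibana's `/api/status` response) and point the script at the kibana.yml actually mounted into it; a commented-out workaround line, as in the sample, is deliberately not accepted.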

Staying Ahead of the Next Vulnerability

At Root, we believe security should be proactive, not reactive. Our AVR system continuously scans, patches, and secures container images against new threats—often before official upstream fixes are available.

Want to stay ahead of the next security threat? Check out Root’s Images Catalog for the most secure, latest images—available for free.
