Apache Superset: Stored XSS on charts metadata_CVE-2025-55672

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N

Description

A stored Cross-Site Scripting (XSS) vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. The payload is not properly sanitized and gets executed in the victim's browser when they hover over the chart, potentially leading to session hijacking or the execution of arbitrary commands on behalf of the user.

This issue affects Apache Superset: before 5.0.0.

Users are recommended to upgrade to version 5.0.0, which fixes the issue.

Basic Information

ID CVE-2025-55672

Source apache

Published Aug 14, 2025 at 13:17

Modified Aug 14, 2025 at 13:52

Affected Product

Vendor Apache Software Foundation

Product Apache Superset

Affected Versions Apache Software Foundation Apache Superset 0

CWE Classification

CWE-80

References

lists.apache.org /thread/rvh7fdjfzxzjhcfwoz7twc2brhvochdj

{
    "lastseen": "",
    "description": "A stored Cross-Site Scripting (XSS) vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. The payload is not properly sanitized and gets executed in the victim's browser when they hover over the chart, potentially leading to session hijacking or the execution of arbitrary commands on behalf of the user.\n\nThis issue affects Apache Superset: before 5.0.0.\n\nUsers are recommended to upgrade to version 5.0.0, which fixes the issue.",
    "published": "2025-08-14T13:17:33.843Z",
    "modified": "2025-08-14T13:52:26.910Z",
    "type": "cve",
    "title": "Apache Superset: Stored XSS on charts metadata",
    "source": "apache",
    "references": "https://lists.apache.org/thread/rvh7fdjfzxzjhcfwoz7twc2brhvochdj",
    "id": "CVE-2025-55672",
    "bulletinFamily": "",
    "cwe": [
        "CWE-80"
    ],
    "cvelist": null,
    "sourceData": "Apache Software Foundation Apache Superset 0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Apache Superset",
    "version": "0",
    "vendor": "Apache Software Foundation",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}