Description

A flaw was found in Stackrox, where it is vulnerable to Cross-site scripting (XSS) if the script code is included in a small subset of table cells. The only known potential exploit is if the script is included in the name of a Kubernetes “Role” object* that is applied to a secured cluster. This object can be used by a user with access to the cluster or through a compromised third-party product.

INFO

Published Date :

2025-05-27T20:51:34.287Z

Last Modified :

2026-02-27T16:41:01.549Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2025-5198 vulnerability.

Vendors Products
Redhat
  • Advanced Cluster Security
Stackrox
  • Stackrox
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-5198.

URL Resource
https://access.redhat.com/security/cve/CVE-2025-5198 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2368568 cve-icon cve-icon
https://github.com/stackrox/stackrox/pull/13336 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-5198 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-5198 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact