Description

A stored Cross-Site Scripting (XSS) vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. The payload is not properly sanitized and gets executed in the victim's browser when they hover over the chart, potentially leading to session hijacking or the execution of arbitrary commands on behalf of the user. This issue affects Apache Superset: before 5.0.0. Users are recommended to upgrade to version 5.0.0, which fixes the issue.

INFO

Published Date :

2025-08-14T13:17:33.843Z

Last Modified :

2025-08-14T13:52:26.910Z

Source :

apache
AFFECTED PRODUCTS

The following products are affected by CVE-2025-55672 vulnerability.

Vendors Products
Apache
  • Superset
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-55672.

URL Resource
https://lists.apache.org/thread/rvh7fdjfzxzjhcfwoz7twc2brhvochdj cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability