Description
A bypass of the DISALLOWED_SQL_FUNCTIONS security feature in Apache Superset allows for the execution of blocked SQL functions. An attacker can use a special inline block to circumvent the denylist. This allows a user with SQL Lab access to execute functions that were intended to be disabled, leading to the disclosure of sensitive database information like the software version. This issue affects Apache Superset: before 5.0.0. Users are recommended to upgrade to version 5.0.0, which fixes the issue.
INFO
Published Date: 2025-08-14T13:18:10.535Z
Last Modified: 2025-08-14T13:49:51.691Z
Source: apache
AFFECTED PRODUCTS
The following products are affected by the CVE-2025-55674 vulnerability.
Vendors | Products |
---|---|
Apache | Apache Superset |
REFERENCES
Here, you will find a curated list of external links that provide in-depth information on CVE-2025-55674.