CVE-2025-64744

OpenObserve Vulnerable to HTML Injection in Organization Invitation Emails

Description

OpenObserve is a cloud-native observability platform. In versions up to and including 0.16.1, when creating or renaming an organization with HTML in the name, the markup is rendered inside the invitation email. This indicates that user-controlled input is inserted into the email template without proper HTML escaping. As of time of publication, no patched versions are available.

INFO

Published Date :

2025-11-13T20:30:20.960Z

Last Modified :

2025-11-13T21:14:33.407Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2025-64744 vulnerability.

Vendors	Products
Openobserve	Openobserve

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-64744.

URL	Resource
https://github.com/openobserve/openobserve/security/advisories/GHSA-3jpx-57gj-w458

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact