N/A

CVSS Score

Basic Information

CVE ID

CVE-2025-55672

GHSA ID

GHSA-fj97-2v9x-w5m4

EPSS Score

0.20415%

CWE

CWE-80

Published

8/14/2025

Updated

8/14/2025

KEV Status

Technology

Python

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-55672

CVE-2025-55672: Apache Superset's chart visualization has a stored Cross-Site Scripting (XSS) vulnerability

A stored Cross-Site Scripting (XSS) vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. The payload is not properly sanitized and gets executed in the victim's browser when they hover over the chart, potentially leading to session hijacking or the execution of arbitrary commands on behalf of the user.

This issue affects Apache Superset: before 5.0.0.

Users are recommended to upgrade to version 5.0.0, which fixes the issue.

(GitHub Advisory)

N/A

CVSS Score

Basic Information

CVE ID

CVE-2025-55672

GHSA ID

GHSA-fj97-2v9x-w5m4

EPSS Score

0.20415%

CWE

CWE-80

Published

8/14/2025

Updated

8/14/2025

KEV Status

Technology

Python

Technical Details

CVSS Vector

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
apache-superset	pip	< 5.0.0	5.0.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

* stor** *ross-Sit* S*riptin* (XSS) vuln*r**ility *xists in *p**** Sup*rs*t's ***rt visu*liz*tion. *n *ut**nti**t** us*r wit* p*rmissions to **it ***rts **n inj**t * m*li*ious p*ylo** into * *olumn's l***l. T** p*ylo** is not prop*rly s*nitiz** *n* *

Reasoning

No *n*lysis *v*il**l*

N/A

Basic Information

Concerned about an active attack path?

CVE-2025-55672: Apache Superset's chart visualization has a stored Cross-Site Scripting (XSS) vulnerability

N/A

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI