Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2025-27696
CVE-2025-27696:
Apache Superset vulnerability analysis and mitigation
Overview
CVE-2025-27696 is an Improper Authorization vulnerability discovered in Apache Superset that affects versions through 4.1.1. The vulnerability was disclosed on May 12, 2025, and allows authenticated users with read permissions to perform unauthorized ownership takeover of dashboards, charts, or datasets (NVD, Wiz).
Technical details
The vulnerability is classified as CWE-285 (Improper Authorization) with a CVSS 4.0 Base Score of 5.3 (Medium). The vulnerability vector string is CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N, indicating that it requires network access and low attack complexity, with authenticated access required (NVD, Wiz).
Impact
The vulnerability allows authenticated users with read permissions to escalate their privileges and take ownership of resources including dashboards, charts, and datasets within Apache Superset installations (OSS Security).
Mitigation and workarounds
Users are recommended to upgrade to Apache Superset version 4.1.2 or above, which contains the fix for this vulnerability. The fix was developed by Daniel Gaspar (OSS Security).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management