/
DirectorySecurity AdvisoriesPricing
Sign inRequest a trial
Security Advisories

CVE-2025-55673

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-55673

Severity

4.3

Medium

CVSS CVSS_V3

Description

When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. This field contains the underlying query, which improperly discloses database schema information, such as table names, to the low-privileged guest user.

This issue affects Apache Superset: before 4.1.3.

Users are recommended to upgrade to version 4.1.3, which fixes the issue.

References

  • https://images.chainguard.dev/security/CGA-4wfr-m54f-6w36
  • https://github.com/advisories/GHSA-9g5x-mm39-wg9r
  • https://lists.apache.org/thread/h2hw756wk4sj4z49blvzkr5fntl9hlf8

Affected packages

Safe Source for Open Sourceâ„¢
Contact us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Products

Chainguard ContainersChainguard LibrariesChainguard VMs

Why Chainguard

FedRAMPPCICVE RemediationGolden Images

Customers

Customer StoriesChainguard Love

Company

About UsPricingContact UsOpen SourceCareersNewsroomLegalScanner Partners

Resources

Unchained BlogEventsTrust CenterDocumentation