/
DirectorySecurity AdvisoriesPricing
Sign inRequest a trial
Security Advisories

CVE-2025-55675

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-55675

Severity

6.5

Medium

CVSS CVSS_V3

Description

Apache Superset contains an improper access control vulnerability in its /explore endpoint. A missing authorization check allows an authenticated user to discover metadata about datasources they do not have permission to access. By iterating through the datasource_id in the URL, an attacker can enumerate and confirm the existence and names of protected datasources, leading to sensitive information disclosure.

This issue affects Apache Superset: before 5.0.0.

Users are recommended to upgrade to version 5.0.0, which fixes the issue.

References

  • https://images.chainguard.dev/security/CGA-vf2q-hv79-x95j
  • https://github.com/advisories/GHSA-mhpq-m962-mg92
  • https://lists.apache.org/thread/op681b4kbd7g84tfjf9omz0sxggbcv33

Affected packages

Safe Source for Open Sourceâ„¢
Contact us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Products

Chainguard ContainersChainguard LibrariesChainguard VMs

Why Chainguard

FedRAMPPCICVE RemediationGolden Images

Customers

Customer StoriesChainguard Love

Company

About UsPricingContact UsOpen SourceCareersNewsroomLegalScanner Partners

Resources

Unchained BlogEventsTrust CenterDocumentation