PT-2025-20830 · Apache · Apache Superset
Daniel Gaspar +1 · Published 2025-05-13 · Updated 2025-09-01 · CVE-2025-27696
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Apache Superset versions through 4.1.1
Description
The issue is related to improper authorization, allowing authenticated users with read permissions to take ownership of dashboards, charts, or datasets.
Recommendations
For Apache Superset versions through 4.1.1, upgrade to version 4.1.2 or above to fix the issue.
Fix
Incorrect Authorization
Improper Authorization
Related Identifiers
Affected Products
Apache Superset