CVE-2025-55672

Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 5.0.0

Description: A stored Cross-Site Scripting (XSS) issue exists in the chart visualization feature. An authenticated user with chart editing permissions can inject a malicious payload into a column's label. This payload is not properly sanitized and is executed in the victim's browser when hovering over the chart, potentially leading to session hijacking or the execution of arbitrary commands on behalf of the user.

Recommendations: Upgrade to version 5.0.0.