PT-2025-33272 · Apache · Apache Superset
Daniel Gaspar +1 · Published 2025-08-13 · Updated 2025-08-18
CVE-2025-55673
CVSS v4.0: 5.3 (Medium)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions:
Apache Superset versions prior to 4.1.3
Description:
A guest user accessing a chart in Apache Superset receives an API response from the /chart/data endpoint that includes a query field. This field improperly discloses database schema information, such as table names, to the low-privileged guest user.
Recommendations:
Upgrade to version 4.1.3.
Fix
Information Disclosure
Affected Products
Apache Superset