PT-2025-33273 · Apache · Apache Superset
Beto Dealmeida +2
Published: 2025-08-13 · Updated: 2025-08-18
CVE-2025-55674
CVSS v2.0: 6.8 (Medium)
| Vector | AV:N/AC:L/Au:S/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Apache Superset versions prior to 5.0.0
Description:
A bypass of the DISALLOWED SQL FUNCTIONS security feature allows the execution of blocked SQL functions. An attacker can use a special inline block to circumvent the denylist. This allows a user with SQL Lab access to execute functions that were intended to be disabled, potentially leading to the disclosure of sensitive database information, such as the software version.
Recommendations:
Upgrade to version 5.0.0.
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Apache Superset