PT-2025-33274 · Apache · Apache Superset
Pedro Sousa · Published 2025-08-13 · Updated 2025-08-18 · CVE-2025-55675
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
Apache Superset versions prior to 5.0.0
Description:
Apache Superset contains an improper access control issue in its /explore endpoint. A missing authorization check allows an authenticated user to discover metadata about datasources they do not have permission to access. By iterating through the datasource id in the URL, an attacker can enumerate and confirm the existence and names of protected datasources, leading to sensitive information disclosure.
Recommendations:
Upgrade to version 5.0.0.
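
A detection check for the enumeration pattern described above, added here as an example and not taken from the advisory or from Apache Superset: it flags any authenticated user who requests many different datasource ids from /explore within a short window. The log line layout, the `datasource_id` query parameter name, the thresholds and the sample lines are assumptions constructed for illustration; adapt them to your own access logs.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlsplit

# Constructed sample log (assumed format): "<ISO time> <user> <method> <url>".
SAMPLE_LOG = """\
2025-08-13T10:00:01 alice GET /explore/?datasource_type=table&datasource_id=7
2025-08-13T10:00:02 mallory GET /explore/?datasource_type=table&datasource_id=1
2025-08-13T10:00:03 mallory GET /explore/?datasource_type=table&datasource_id=2
2025-08-13T10:00:04 mallory GET /explore/?datasource_type=table&datasource_id=3
2025-08-13T10:00:05 alice GET /explore/?datasource_type=table&datasource_id=7
2025-08-13T10:00:06 mallory GET /explore/?datasource_type=table&datasource_id=4
2025-08-13T10:00:07 mallory GET /explore/?datasource_type=table&datasource_id=5
2025-08-13T10:00:09 mallory GET /explore/?datasource_type=table&datasource_id=6
"""

def explore_datasource_id(url):
    """Return the datasource id requested from /explore, or None."""
    parts = urlsplit(url)
    if not parts.path.rstrip("/").endswith("/explore"):
        return None
    # "datasource_id" as the parameter name is an assumption; adjust to your URLs.
    value = parse_qs(parts.query).get("datasource_id", [""])[0]
    return int(value) if value.isdigit() else None

def find_enumerators(log_text, max_distinct=5, window=timedelta(minutes=5)):
    """Map each user who requested more than max_distinct different
    datasource ids inside one sliding window to the ids they touched."""
    recent = defaultdict(list)   # user -> [(time, id)] still inside the window
    flagged = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue
        ts, user, _method, url = fields
        ds_id = explore_datasource_id(url)
        if ds_id is None:
            continue
        now = datetime.fromisoformat(ts)
        hits = recent[user]
        hits.append((now, ds_id))
        while now - hits[0][0] > window:   # expire hits older than the window
            hits.pop(0)
        ids = {i for _, i in hits}
        if len(ids) > max_distinct:
            flagged[user] |= ids
    return {user: sorted(ids) for user, ids in flagged.items()}

if __name__ == "__main__":
    print(find_enumerators(SAMPLE_LOG))
```

Comparing the flagged ids against the datasources each user is actually permitted to see separates routine browsing from probing of protected datasources.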
Fix
Improper Authorization
Affected Products
Apache Superset