PT-2025-46906 · Unknown · Openobserve

Published 2025-11-13 · Updated 2025-11-13 · CVE-2025-64744

CVSS v3.1: 3.5 (Low)

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

OpenObserve versions prior to 0.16.2

Description

OpenObserve is a cloud-native observability platform. When creating or renaming an organization with HTML in the name, the markup is rendered inside the invitation email. This occurs because user-controlled input is inserted into the email template without proper HTML escaping.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
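
The flaw in the description, as an added example (not OpenObserve's code and not part of the advisory): a hypothetical invitation template rendered with the organization name inserted verbatim, beside the same rendering with the name HTML-escaped at the point of output. The template text, function names and sample organization name are assumptions constructed for illustration.

```rust
// Added illustration; not OpenObserve source. Template and names are hypothetical.

/// Escape the characters that are significant in HTML text and quoted
/// attribute values. Each input char is mapped once, so text that is
/// already escaped is shown literally instead of being re-interpreted.
fn escape_html(input: &str) -> String {
    let mut out = String::with_capacity(input.len());
    for c in input.chars() {
        match c {
            '&' => out.push_str("&amp;"),
            '<' => out.push_str("&lt;"),
            '>' => out.push_str("&gt;"),
            '"' => out.push_str("&quot;"),
            '\'' => out.push_str("&#x27;"),
            _ => out.push(c),
        }
    }
    out
}

// Hypothetical invitation template with one placeholder for the organization name.
const INVITE_TEMPLATE: &str =
    "<p>You have been invited to join <b>{org_name}</b> on OpenObserve.</p>";

/// Behaviour the advisory describes: the name is inserted verbatim,
/// so any markup in it becomes part of the email body.
fn render_invite_unescaped(org_name: &str) -> String {
    INVITE_TEMPLATE.replace("{org_name}", org_name)
}

/// Hardened rendering: the name is escaped when it is written into HTML,
/// which covers both the create and the rename path.
fn render_invite_escaped(org_name: &str) -> String {
    INVITE_TEMPLATE.replace("{org_name}", &escape_html(org_name))
}

fn main() {
    // Constructed sample input: an organization name that contains markup.
    let org = "Acme <h1>Ops</h1> & \"Co\"";
    println!("unescaped: {}", render_invite_unescaped(org));
    println!("escaped:   {}", render_invite_escaped(org));
}
```

Escaping at render time protects the email even if a name containing markup was stored before any input validation existed.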

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-64744
GHSA-3JPX-57GJ-W458

Affected Products

Openobserve