CVE-2025-27696

CWE-863Incorrect AuthorizationCWE-2854 documents4 sources
Severity
5.3MEDIUM
EPSS
0.1%
top 76.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache SupersetApache Software Foundation Apache Superset
Timeline
PublishedMay 13

Description

Incorrect Authorization vulnerability in Apache Superset allows ownership takeover of dashboards, charts or datasets by authenticated users with read permissions. This issue affects Apache Superset: through 4.1.1. Users are recommended to upgrade to version 4.1.2 or above, which fixes the issue.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N

Affected Packages3 packages

NVDapache/superset< 4.1.2
PyPIapache-superset< 4.1.2

🔴Vulnerability Details

3
OSV
Apache Superset Allows Ownership Takeover2025-05-13
CVEList
Apache Superset: Incorrect authorization leading to resource ownership takeover2025-05-13
GHSA
Apache Superset Allows Ownership Takeover2025-05-13
CVE-2025-27696 (MEDIUM CVSS 5.3) | Incorrect Authorization vulnerabili | cvebase.io