This issue affects Apache Superset: through 4.1.1.
Users are recommended to upgrade to version 4.1.2 or above, which fixes the issue.
Metrics
Affected Vendors & Products
Mon, 01 Sep 2025 10:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-285 |
Mon, 01 Sep 2025 10:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Improper Authorization vulnerability in Apache Superset allows ownership takeover of dashboards, charts or datasets by authenticated users with read permissions. This issue affects Apache Superset: through 4.1.1. Users are recommended to upgrade to version 4.1.2 or above, which fixes the issue. | Incorrect Authorization vulnerability in Apache Superset allows ownership takeover of dashboards, charts or datasets by authenticated users with read permissions. This issue affects Apache Superset: through 4.1.1. Users are recommended to upgrade to version 4.1.2 or above, which fixes the issue. |
Title | Apache Superset: Improper authorization leading to resource ownership takeover | Apache Superset: Incorrect authorization leading to resource ownership takeover |
Wed, 16 Jul 2025 14:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Apache
Apache superset |
|
Weaknesses | CWE-863 | |
CPEs | cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:* | |
Vendors & Products |
Apache
Apache superset |
|
Metrics |
cvssV3_1
|
Tue, 13 May 2025 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 13 May 2025 09:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Tue, 13 May 2025 08:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Improper Authorization vulnerability in Apache Superset allows ownership takeover of dashboards, charts or datasets by authenticated users with read permissions. This issue affects Apache Superset: through 4.1.1. Users are recommended to upgrade to version 4.1.2 or above, which fixes the issue. | |
Title | Apache Superset: Improper authorization leading to resource ownership takeover | |
Weaknesses | CWE-285 | |
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: apache
Published:
Updated: 2025-09-01T09:52:53.293Z
Reserved: 2025-03-05T08:57:14.278Z
Link: CVE-2025-27696

Updated: 2025-05-13T09:04:04.746Z

Status : Modified
Published: 2025-05-13T09:15:20.823
Modified: 2025-09-01T10:15:33.457
Link: CVE-2025-27696

No data.

No data.