CVE-2025-27696

High CVSS 8.8

Overview

Improper Authorization vulnerability in Apache Superset allows ownership takeover of dashboards, charts or datasets by authenticated users with read permissions.

This issue affects Apache Superset: through 4.1.1.

Users are recommended to upgrade to version 4.1.2 or above, which fixes the issue.

CWE: CWE-285 Published: 2025-05-13T09:15:20.823

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 8.8 (HIGH)
Detected tags: apache (tag impact: LOW)

Recommended actions:

Prioritize remediation based on business criticality and exposure.
Limit exposure and increase monitoring until fixed.

Overview

Recommended tools

Tags