Moderate severityNVD Advisory· Published May 13, 2025· Updated Sep 1, 2025
Apache Superset: Incorrect authorization leading to resource ownership takeover
CVE-2025-27696
Description
Incorrect Authorization vulnerability in Apache Superset allows ownership takeover of dashboards, charts or datasets by authenticated users with read permissions.
This issue affects Apache Superset: through 4.1.1.
Users are recommended to upgrade to version 4.1.2 or above, which fixes the issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
apache-supersetPyPI | < 4.1.2 | 4.1.2 |
Affected products
3- osv-coords2 versions
< 4.1.2+ 1 more
- (no CPE)range: < 4.1.2
- (no CPE)range: < 4.1.2
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-w6c7-j32f-rq8jghsaADVISORY
- lists.apache.org/thread/k2od03bxnxs6vcp80sr03ywcxl194413ghsavendor-advisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2025-27696ghsaADVISORY
- www.openwall.com/lists/oss-security/2025/05/12/3ghsaWEB
- github.com/apache/superset/commit/fc844d3dfdace890b32c00a507a959b81122b425ghsaWEB
News mentions
0No linked articles in our index yet.