Unrated severity · OSV Advisory · Published May 27, 2025 · Updated Feb 27, 2026
Stackrox: xss in stackrox
CVE-2025-5198
Description
A flaw was found in Stackrox that makes it vulnerable to cross-site scripting (XSS) if script code is included in a small subset of table cells. The only known potential exploit is if the script is included in the name of a Kubernetes “Role” object that is applied to a secured cluster. This object can be used by a user with access to the cluster or through a compromised third-party product.
References
- access.redhat.com/security/cve/CVE-2025-5198 (mitre, vdb-entry, x_refsource_REDHAT)
- bugzilla.redhat.com/show_bug.cgi (mitre, issue-tracking, x_refsource_REDHAT)
- github.com/stackrox/stackrox/pull/13336 (mitre)