CVE-2025-5198 - Vulnerability Details

A flaw was found in Stackrox, where it is vulnerable to Cross-site scripting (XSS) if the script code is included in a small subset of table cells. The only known potential exploit is if the script is included in the name of a Kubernetes “Role” object* that is applied to a secured cluster. This object can be used by a user with access to the cluster or through a compromised third-party product.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Redhat	Advanced Cluster Security

No data.

References

Link	Providers
https://access.redhat.com/security/cve/CVE-2025-5198
https://bugzilla.redhat.com/show_bug.cgi?id=2368568
https://nvd.nist.gov/vuln/detail/CVE-2025-5198
https://www.cve.org/CVERecord?id=CVE-2025-5198

History

Wed, 28 May 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 27 May 2025 21:00:00 +0000

Type	Values Removed	Values Added
Description	No description is available for this CVE.	A flaw was found in Stackrox, where it is vulnerable to Cross-site scripting (XSS) if the script code is included in a small subset of table cells. The only known potential exploit is if the script is included in the name of a Kubernetes “Role” object* that is applied to a secured cluster. This object can be used by a user with access to the cluster or through a compromised third-party product.
Title	stackrox: XSS in Stackrox	Stackrox: xss in stackrox
First Time appeared		Redhat Redhat advanced Cluster Security
CPEs		cpe:/a:redhat:advanced_cluster_security:4
Vendors & Products		Redhat Redhat advanced Cluster Security
References		https://access.redhat.com/security/cve/CVE-2025-5198 https://bugzilla.redhat.com/show_bug.cgi?id=2368568

Tue, 27 May 2025 02:45:00 +0000

Type	Values Removed	Values Added
Description		No description is available for this CVE.
Title		stackrox: XSS in Stackrox
Weaknesses		CWE-79
References		https://nvd.nist.gov/vuln/detail/CVE-2025-5198 https://www.cve.org/CVERecord?id=CVE-2025-5198
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.0, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L'}` threat_severity `Moderate`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2025-05-27T20:51:34.287Z

Updated: 2025-05-28T13:50:42.784Z

Reserved: 2025-05-26T11:35:17.968Z

Link: CVE-2025-5198

Vulnrichment

Updated: 2025-05-28T13:50:36.434Z

NVD

Status : Awaiting Analysis

Published: 2025-05-27T21:15:22.863

Modified: 2025-05-28T15:01:30.720

Link: CVE-2025-5198

Redhat

Severity : Moderate

Publid Date: 2025-05-26T00:00:00Z

Links: CVE-2025-5198 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

Exploitation poc

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object