CVE-2025-62198 - Vulnerability Details - OpenCVE

An authenticated user can perform XSS. This issue affects Apache Atlas versions 2.4.0 and earlier. Users are recommended to upgrade to version 2.5.0, which fixes the issue.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Apache	Atlas

No data.

No data.

References

Link	Providers
https://lists.apache.org/thread/nv893lhz3ok08f25j3v4z1to5nrpdp7k

History

Mon, 22 Jun 2026 16:30:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 22 Jun 2026 11:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apache Apache atlas
Vendors & Products		Apache Apache atlas

Mon, 22 Jun 2026 08:00:00 +0000

Type	Values Removed	Values Added
Description		An authenticated user can perform XSS. This issue affects Apache Atlas versions 2.4.0 and earlier. Users are recommended to upgrade to version 2.5.0, which fixes the issue.
Title		Apache Atlas: Stored XSS in Create Entity page
Weaknesses		CWE-80
References		https://lists.apache.org/thread/nv893lhz3ok08f25j3v4z1to5nrpdp7k

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2026-06-22T07:47:11.847Z

Updated: 2026-06-22T15:50:36.658Z

Reserved: 2025-10-08T19:44:39.189Z

Link: CVE-2025-62198

Vulnrichment

Updated: 2026-06-22T08:01:16.131Z

NVD

No data.

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-62198", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2025-10-08T19:44:39.189Z", "datePublished": "2026-06-22T07:47:11.847Z", "dateUpdated": "2026-06-22T15:50:36.658Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache Atlas", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "2.4.0", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Grzegorz Misiun"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>An authenticated user can perform XSS.</p><p>This issue affects Apache Atlas <span style=\"background-color: rgb(255, 255, 255);\">versions </span>2.4.0 and earlier.</p><p>Users are recommended to upgrade to version 2.5.0, which fixes the issue.</p>"}], "value": "An authenticated user can perform XSS.\n\nThis issue affects Apache Atlas versions 2.4.0 and earlier.\n\nUsers are recommended to upgrade to version 2.5.0, which fixes the issue."}], "metrics": [{"other": {"content": {"text": "important"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-80", "description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2026-06-22T07:47:11.847Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/nv893lhz3ok08f25j3v4z1to5nrpdp7k"}], "source": {"discovery": "UNKNOWN"}, "title": "Apache Atlas: Stored XSS in Create Entity page", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/06/20/1"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-06-22T08:01:16.131Z"}}, {"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-06-22T15:50:14.516394Z", "id": "CVE-2025-62198", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-22T15:50:36.658Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/06/20/1"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-06-22T08:01:16.131Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-62198", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-22T15:50:14.516394Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-22T15:50:30.957Z"}}], "cna": {"title": "Apache Atlas: Stored XSS in Create Entity page", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Grzegorz Misiun"}], "metrics": [{"other": {"type": "Textual description of severity", "content": {"text": "important"}}}], "affected": [{"vendor": "Apache Software Foundation", "product": "Apache Atlas", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.4.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://lists.apache.org/thread/nv893lhz3ok08f25j3v4z1to5nrpdp7k", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "An authenticated user can perform XSS.\n\nThis issue affects Apache Atlas versions 2.4.0 and earlier.\n\nUsers are recommended to upgrade to version 2.5.0, which fixes the issue.", "supportingMedia": [{"type": "text/html", "value": "<p>An authenticated user can perform XSS.</p><p>This issue affects Apache Atlas <span style=\"background-color: rgb(255, 255, 255);\">versions </span>2.4.0 and earlier.</p><p>Users are recommended to upgrade to version 2.5.0, which fixes the issue.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-80", "description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2026-06-22T07:47:11.847Z"}}}, "cveMetadata": {"cveId": "CVE-2025-62198", "state": "PUBLISHED", "dateUpdated": "2026-06-22T15:50:36.658Z", "dateReserved": "2025-10-08T19:44:39.189Z", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "datePublished": "2026-06-22T07:47:11.847Z", "assignerShortName": "apache"}, "dataVersion": "5.2"}