CVE-2025-62198 | An authenticated user can perform XSS. This issue affects A…

Description

An authenticated user can perform XSS. This issue affects Apache Atlas versions 2.4.0 and earlier. Users are recommended to upgrade to version 2.5.0, which fixes the issue.

Metadata

CVE ID: CVE-2025-62198
State: PUBLISHED
Assigner: apache
Reserved: 2025-10-08 19:44 UTC
Published: 2026-06-22 07:47 UTC
Last updated: 2026-06-22 08:01 UTC
Primary CWE: CWE-80
CWE-80 Improper Neutralization of Script-Related HTML Tags i…
Vendor / Product: Apache Software Foundation / Apache Atlas
Sources: cve.org · NVD

Severity & Metrics

No CVSS data available.

Affected products (1)

Vendor	Product	Platform	Versions
Apache Software Foundation	Apache Atlas	—	0 ≤ 2.4.0

Weakness (CWE)

CWE	Source	Description
CWE-80	cna	CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

References (1)

https://lists.apache.org/thread/nv893lhz3ok08f25j3v4z1to5nrpdp7k