CVE-2025-27696 Information

Description

Improper Authorization vulnerability in Apache Superset allows ownership takeover of dashboards charts or datasets by authenticated users with read permissions.

This issue affects Apache Superset: through 4.1.1.

Users are recommended to upgrade to version 4.1.2 or above which fixes the issue.

Reference

http://www.openwall.com/lists/oss-security/2025/05/12/3 https://lists.apache.org/thread/k2od03bxnxs6vcp80sr03ywcxl194413