CVE-2025-5198

A flaw was found in Stackrox, where it is vulnerable to Cross-site scripting (XSS) if the script code is included in a small subset of table cells. The only known potential exploit is if the script is included in the name of a Kubernetes “Role” object* that is applied to a secured cluster. This object can be used by a user with access to the cluster or through a compromised third-party product.

Published: May 27, 2025
Updated: May 28, 2025
CVE: CVE-2025-5198
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
redhat / advanced_cluster_security	4.0	4.0.x

https://access.redhat.com/security/cve/CVE-2025-5198
https://bugzilla.redhat.com/show_bug.cgi?id=2368568

Vulnerability Database

289,598

CVE-2025-5198