CVE-2023-39265

LOW EXPLOITED

Apache Superset <= 2.1.0 - SQLite Database Connection Manipulation via Alternative Driver Names

Title source: llm

Exploitation Summary

CVE-2023-39265 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including h00die, paradoxis, Spencer McIntyre, Naveen Sunkavally, including a Metasploit module exploits/linux/http/apache_superset_cookie_sig_rce.

AI-analyzed exploit summary This Metasploit module exploits CVE-2023-39265 in Apache Superset by forging signed cookies using a known default secret key, escalating privileges to admin, and achieving RCE via dashboard manipulation and pickled payload execution.

Description

Apache Superset would allow for SQLite database connections to be incorrectly registered when an attacker uses alternative driver names like sqlite+pysqlite or by using database imports. This could allow for unexpected file creation on Superset webservers. Additionally, if Apache Superset is using a SQLite database for its metadata (not advised for production use) it could result in more severe vulnerabilities related to confidentiality and integrity. This vulnerability exists in Apache Superset versions up to and including 2.1.0.

Exploits (1)

metasploit WORKING POC GOOD

by h00die, paradoxis, Spencer McIntyre, Naveen Sunkavally · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/apache_superset_cookie_sig_rce.rb

View Code ZIP pw:eip

This Metasploit module exploits CVE-2023-39265 in Apache Superset by forging signed cookies using a known default secret key, escalating privileges to admin, and achieving RCE via dashboard manipulation and pickled payload execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Apache Superset <= 2.0.0

Auth required

Prerequisites: Valid user credentials · Access to the target web interface · Known admin user ID

MITRE ATT&CK

T1555 - Credentials from Password Stores T1505 - Server Software Component T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2

Core References

Vendor Advisory vendor-advisory

https://lists.apache.org/thread/pwdzsdmv4g5g1n2h9m7ortfnxmhr7nfy

Exploit, Third Party Advisory

http://packetstormsecurity.com/files/175094/Apache-Superset-2.0.0-Remote-Code-Execution.html

Scores

CVSS v3 3.8

EPSS 0.7208

EPSS Percentile 98.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

VulnCheck KEV 2025-08-12

CWE

CWE-20

Status published

Products (2)

apache/superset < 2.1.0

pypi/apache-superset 0PyPI

Published Sep 06, 2023

Tracked Since Feb 18, 2026