CVE-2025-62198

MEDIUM

Apache Atlas: Stored XSS in Create Entity page

Title source: cna
STIX 2.1

Description

An authenticated user can perform XSS. This issue affects Apache Atlas versions 2.4.0 and earlier. Users are recommended to upgrade to version 2.5.0, which fixes the issue.

References (2)

Core 2

Scores

CVSS v3 5.4
EPSS 0.0032
EPSS Percentile 23.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-80
Status published
Products (2)
apache/atlas < 2.5.0
Apache Software Foundation/Apache Atlas < 2.4.0
Published Jun 22, 2026
Tracked Since Jun 22, 2026