CVE-2025-27696: Apache Superset Allows Ownership Takeover

May 13, 2025

Improper Authorization vulnerability in Apache Superset allows ownership takeover of dashboards, charts or datasets by authenticated users with read permissions.

This issue affects Apache Superset: through 4.1.1.

Users are recommended to upgrade to version 4.1.2 or above, which fixes the issue.

References

github.com/advisories/GHSA-w6c7-j32f-rq8j
github.com/apache/superset
github.com/apache/superset/commit/fc844d3dfdace890b32c00a507a959b81122b425
lists.apache.org/thread/k2od03bxnxs6vcp80sr03ywcxl194413
nvd.nist.gov/vuln/detail/CVE-2025-27696

Code Behaviors & Features

Detect and mitigate CVE-2025-27696 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →