Cross-Site Scripting Vulnerability in Stackrox Kubernetes Role Management
CVE-2025-5198

5MEDIUM

Key Information:

Vendor: Red Hat
Status: Red Hat Advanced Cluster Security 4
Vendor: CVE Published:; 27 May 2025

What is CVE-2025-5198?

A security flaw has been identified in Stackrox that exposes it to Cross-site Scripting (XSS) vulnerabilities within specific table cells. This issue arises when script code is inadvertently included in the names of Kubernetes Role objects. Such configurations could potentially be manipulated by users with access to the secured cluster or via compromised third-party applications, increasing the overall risk of unauthorized actions within the Kubernetes environment.

References

https://access.redhat.com/security/cve/CVE-2025-5198

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2368568

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2025
Vulnerability Reserved
May 26, 2025

Red Hat

What is CVE-2025-5198?

References

CVSS V3.1

Timeline