Cross-Site Scripting Vulnerability in Stackrox Kubernetes Role Management
CVE-2025-5198

5MEDIUM

Key Information:

Status
Red Hat Advanced Cluster Security 4
Vendor
CVE Published:
27 May 2025

What is CVE-2025-5198?

A security flaw has been identified in Stackrox that exposes it to Cross-site Scripting (XSS) vulnerabilities within specific table cells. This issue arises when script code is inadvertently included in the names of Kubernetes Role objects. Such configurations could potentially be manipulated by users with access to the secured cluster or via compromised third-party applications, increasing the overall risk of unauthorized actions within the Kubernetes environment.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://access.redhat.com/security/cve/CVE-2025-5198
vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2368568
issue-trackingx_refsource_REDHAT
https://github.com/stackrox/stackrox/pull/13336

CVSS V3.1

Score:
5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.