Cross-Site Scripting Vulnerability in Apache Atlas by Apache
CVE-2025-62198

Currently unrated

Key Information:

Vendor: Apache
Status: Apache Atlas
Vendor: CVE Published:; 22 June 2026

What is CVE-2025-62198?

An authenticated user can exploit a Cross-Site Scripting vulnerability in Apache Atlas, allowing them to execute arbitrary JavaScript code in the context of other users. This issue specifically impacts versions up to 2.4.0. It is crucial for users to update to version 2.5.0 to mitigate this risk and enhance the overall security of the application. Organizations should take immediate action to protect their data and users from potential attacks enabled by this vulnerability.

Affected Version(s)

Apache Atlas 0 <= 2.4.0

References

https://lists.apache.org/thread/nv893lhz3ok08f25j3v4z1to5...

vendor-advisory

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 22, 2026
Vulnerability Reserved
Oct 8, 2025

Credit

Grzegorz Misiun

CVE-2025-62198 Data

JSON