CVE-2025-5198 MEDIUM

CVE-2025-5198: Stackrox: xss in stackrox

Vendor Red Hat
Product Red Hat Advanced Cluster Security 4
Weakness CWE-79 · XSS
Published May 27, 2025
Last update February 27, 2026

CVSS base score

5.0/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01 Description

A flaw was found in Stackrox: it is vulnerable to cross-site scripting (XSS) if script code is included in a small subset of table cells. The only known potential exploit is if the script is included in the name of a Kubernetes “Role” object that is applied to a secured cluster. This object can be used by a user with access to the cluster or through a compromised third-party product.

Key dates

02 Disclosure timeline

May 27, 2025 CVE published
February 27, 2026 Record updated

Related vulnerabilities

04 Related CVE