CVE-2025-5198: Stackrox: xss in stackrox
A flaw was found in Stackrox, where it is vulnerable to Cross-site scripting (XSS) if the script code is included in a small subset of table cells. The only known potential exploit is if the script is included in the name of a Kubernetes “Role” object that is applied to a secured cluster. This object can be used by a user with access to the cluster or through a compromised third-party product.
Other sources
ACS is vulnerable to an XSS attack if script code is included in a small subset of table cells. The only known potential exploit at this time is if script is included in the name of a Kubernetes “Role” object that is applied to a secured cluster. This object can be applied via a user with access to the cluster, or through a compromised third-party product. Other fields are susceptible as well, but at this point there is no proof of concept injecting scripts into these fields.
— Red Hat
Frequently Asked Questions
What is the severity of CVE-2025-5198?
CVE-2025-5198 has been classified as a medium severity vulnerability due to its potential for Cross-site scripting (XSS) attacks.
How do I fix CVE-2025-5198?
To mitigate CVE-2025-5198, ensure that proper input validation and sanitization are implemented for Kubernetes Role object names to prevent script inclusion.
What software is affected by CVE-2025-5198?
CVE-2025-5198 affects Stackrox and Brivo Access Control System (ACS) software.
What type of vulnerability is CVE-2025-5198?
CVE-2025-5198 is classified as a Cross-site scripting (XSS) vulnerability.
What could an attacker achieve by exploiting CVE-2025-5198?
An attacker exploiting CVE-2025-5198 could execute malicious scripts in the context of the user's browser, potentially leading to data theft or session hijacking.