CVE-2025-62198 PUBLISHED

Apache Atlas: Stored XSS in Create Entity page

Assigner: apache
Reserved: 08.10.2025 Published: 22.06.2026 Updated: 22.06.2026

An authenticated user can perform XSS.

This issue affects Apache Atlas versions 2.4.0 and earlier.

Users are recommended to upgrade to version 2.5.0, which fixes the issue.

Product Status

Vendor Apache Software Foundation
Product Apache Atlas
Versions Default: unaffected
  • affected from 0 to 2.4.0 (incl.)

Credits

  • Grzegorz Misiun finder

References

Problem Types

  • CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) CWE