Severity: Affected versions:
- Apache Superset before 5.0.0 Description: Apache Superset contains an improper access control vulnerability in its /explore endpoint. A missing authorization check allows an authenticated user to discover metadata about datasources they do not have permission to access. By iterating through the datasource_id in the URL, an attacker can enumerate and confirm the existence and names of protected datasources, leading to sensitive information disclosure. This issue affects Apache Superset: before 5.0.0. Users are recommended to upgrade to version 5.0.0, which fixes the issue. Credit: Daniel Höxtermann / hxtmdev (remediation developer) Pedro Sousa (coordinator) References: https://www.cve.org/CVERecord?id=CVE-2025-55675
