CVE-2025-5895

Medium CVSS: 5.3

A vulnerability was found in Metabase 54.10. It has been classified as problematic. This affects the function parseDataUri of the file frontend/src/metabase/lib/dom.js. The manipulation leads to inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The patch is named 4454ebbdc7719016bf80ca0f34859ce5cee9f6b0. It is recommended to apply a patch to fix this issue.

Vendor

Metabase

Product

Metabase

CWE

CWE-400

Yayın Tarihi

2025-06-09 20:15:25

Güncelleme

2025-07-10 16:26:17

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-400 Metabase MEDIUM Metabase 2025

Referanslar

https://github.com/metabase/metabase/commit/4454ebbdc7719016bf80ca0f34859ce5cee9f6b0 https://github.com/metabase/metabase/pull/57011 https://github.com/metabase/metabase/pull/57011#pullrequestreview-2792664135 https://vuldb.com/?ctiid.311667 https://vuldb.com/?id.311667 https://vuldb.com/?submit.585795 https://github.com/metabase/metabase/pull/57011

Benzer Kayıtlar

High

CVE-2026-33725

Metabase is an open source business intelligence and embedded analytics tool. In Metabase Enterprise prior to versions 1…

High

CVE-2026-27464

Metabase is an open-source data analytics platform. In versions prior to 0.57.13 and versions 0.58.x through 0.58.6, aut…

Medium

CVE-2025-27141

Metabase Enterprise Edition is the enterprise version of Metabase business intelligence and data analytics software. Sta…