CVE-2025-5895
CVE-2025-5895 is a low-severity vulnerability rated 2.1/10 on the CVSS scale. A vulnerability was found in Metabase 54.10. It has been classified as problematic. EPSS estimates a 0.50% chance of exploitation in the next 30 days.
Description
A vulnerability was found in Metabase 54.10. It has been classified as problematic. This affects the function parseDataUri of the file frontend/src/metabase/lib/dom.js. The manipulation leads to inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The patch is named 4454ebbdc7719016bf80ca0f34859ce5cee9f6b0. It is recommended to apply a patch to fix this issue.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Metabase | Metabase | 0.54.10 |
References
- https://github.com/metabase/metabase/pull/57011 (Exploit, Issue Tracking, Patch)
- https://github.com/metabase/metabase/pull/57011#pullrequestreview-2792664135 (Exploit, Issue Tracking, Patch)
- https://vuldb.com/?ctiid.311667 (Permissions Required, VDB Entry)
- https://vuldb.com/?id.311667 (Third Party Advisory, VDB Entry)
- https://vuldb.com/?submit.585795 (Third Party Advisory, VDB Entry)
Timeline
- Status: Analyzed
Source: NVD / NIST
