XSS in Openobserve

CVE-2025-64744

OpenObserve is a cloud-native observability platform. In versions up to and including 0.16.1, when creating or renaming an organization with HTML in the name, the markup is rendered inside the invitation email. This indicates that user-con…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.002 (4.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.5 (Low). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2025-64744?
CVE-2025-64744 is a low-severity vulnerability in Openobserve, classified under Cross-site Scripting. CVSS score: 3.5/10. Published 2025-11-13.
How severe is CVE-2025-64744?
Low severity. CVSS v3 base score is 3.5 out of 10.