XSS in Openobserve
CVE-2025-64744
OpenObserve is a cloud-native observability platform. In versions up to and including 0.16.1, when creating or renaming an organization with HTML in the name, the markup is rendered inside the invitation email. This indicates that user-con…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.002 (4.8th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 3.5 (Low). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N.
Affected products
- Openobserve — versions <= 0.16.1
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2025-64744?
- CVE-2025-64744 is a low-severity vulnerability in Openobserve, classified under Cross-site Scripting. CVSS score: 3.5/10. Published 2025-11-13.
- How severe is CVE-2025-64744?
- Low severity. CVSS v3 base score is 3.5 out of 10.