CVE-2025-64744

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-64744

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-64744.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-64744

Aliases

GHSA-3jpx-57gj-w458

Published

2025-11-13T20:30:20.960Z

Modified

2025-12-02T20:18:52.996716Z

Severity

3.5 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N CVSS Calculator

Summary

OpenObserve Vulnerable to HTML Injection in Organization Invitation Emails

Details

OpenObserve is a cloud-native observability platform. In versions up to and including 0.16.1, when creating or renaming an organization with HTML in the name, the markup is rendered inside the invitation email. This indicates that user-controlled input is inserted into the email template without proper HTML escaping. As of time of publication, no patched versions are available.

Database specific

{
    "cwe_ids": [
        "CWE-79"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/64xxx/CVE-2025-64744.json"
}

References

Affected packages

Git / github.com/openobserve/openobserve

Affected ranges

Type

GIT

Repo

https://github.com/openobserve/openobserve

Events

Introduced

Last affected

b8a6edc5306be97e47ae3fe1435463c2a0939a07

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.16.1"
        }
    ]
}

Affected versions

v0.*

v0.1.5

v0.1.6

v0.1.7

v0.1.8

v0.10.0

v0.10.1

v0.10.2

v0.10.2-rc1

v0.10.3

v0.10.4

v0.10.5

v0.10.6

v0.10.6-rc1

v0.10.6-rc2

v0.10.7

v0.10.7-rc1

v0.10.7-rc2

v0.10.7-rc3

v0.10.8

v0.10.8-rc1

v0.10.8-rc2

v0.10.8-rc3

v0.10.8-rc4

v0.10.8-rc5

v0.10.9

v0.10.9-rc1

v0.10.9-rc2

v0.10.9-rc3

v0.10.9-rc4

v0.11.0

v0.11.0-rc1

v0.11.0-rc2

v0.11.0-rc3

v0.12.0

v0.12.0-rc1

v0.12.0-rc2

v0.12.1

v0.13.0

v0.13.0-rc1

v0.13.0-rc2

v0.13.1

v0.13.1-rc1

v0.13.1-rc2

v0.13.1-rc3

v0.13.2-rc1

v0.13.2-rc2

v0.13.2-rc3

v0.13.2-rc4

v0.14.0

v0.14.1

v0.14.1-rc1

v0.14.1-rc2

v0.14.1-rc3

v0.14.2

v0.14.3

v0.14.3-rc1

v0.14.3-rc2

v0.14.3-rc3

v0.14.4

v0.14.5

v0.14.5-rc1

v0.14.5-rc2

v0.14.5-rc3

v0.14.5-rc4

v0.14.5-rc5

v0.14.5-rc6

v0.14.6

v0.14.6-rc1

v0.14.6-rc2

v0.14.6-rc3

v0.14.6-rc4

v0.14.6-rc5

v0.14.6-rc6

v0.14.6-rc7

v0.14.6-rc8

v0.14.7

v0.15.0

v0.15.0-rc1

v0.15.0-rc2

v0.15.0-rc3

v0.15.0-rc5

v0.16.0

v0.16.0-rc1

v0.16.1

v0.2.0

v0.3.0

v0.3.1

v0.3.2

v0.4.1

v0.4.2

v0.4.3

v0.4.4

v0.4.5

v0.4.6

v0.4.7

v0.4.8

v0.4.9

v0.5.0

v0.5.1

v0.5.2

v0.5.3

v0.6.0

v0.6.1

v0.6.2

v0.6.3

v0.6.4

v0.7.0

v0.7.0-rc1

v0.7.0-rc2

v0.7.2

v0.7.2-rc1

v0.8.0

v0.8.0-rc1

v0.8.0-rc2

v0.8.1

v0.8.1-rc1

v0.8.1-rc2

v0.8.2-rc1

v0.8.2-rc2

v0.8.2-rc3

v0.8.2-rc4

v0.8.2-rc5

v0.8.2-rc6

v0.8.2-rc7

v0.9.0-rc1

v0.9.0-rc2

v0.9.0-rc3

v0.9.0-rc4

v0.9.0-rc5

v0.9.0-rc6

v0.9.0-rc7

v0.9.0-rc8

v0.9.1

v0.9.2-rc1