CVE-2025-64744 — LOW (3.5) — White Hats Nepal

Vulnerability Description

OpenObserve is a cloud-native observability platform. In versions up to and including 0.16.1, when creating or renaming an organization with HTML in the name, the markup is rendered inside the invitation email. This indicates that user-controlled input is inserted into the email template without proper HTML escaping. As of time of publication, no patched versions are available.

CVSS Score

3.5

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Related Weaknesses (CWE)

CWE-79

References

https://github.com/openobserve/openobserve/security/advisories/GHSA-3jpx-57gj-w4

FAQ

What is CVE-2025-64744?

CVE-2025-64744 is a vulnerability with a CVSS score of 3.5 (LOW). OpenObserve is a cloud-native observability platform. In versions up to and including 0.16.1, when creating or renaming an organization with HTML in the name, the markup is rendered inside the invitat...

How severe is CVE-2025-64744?

CVE-2025-64744 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-64744?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.