CVE-2025-27141
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2025-27141 is a vulnerability affecting Metabase Enterprise Edition, a business intelligence and data analytics software. In versions starting with 1.47.0 and prior to 1.50.36, 1.51.14, 1.52.11, and 1.53.2, users with impersonation permissions can view cached results of questions, including data they should not have access to. The issue arises when a user runs a question that gets cached, and an impersonated user then queries the same question. The Enterprise Edition of Metabase is impacted, while the Open Source Edition remains unaffected. Patches for versions 1.53.2, 1.52.11, 1.51.14, and 1.50.36 are available. Versions on the 1.49.X, 1.48.X, and 1.47.X branches are vulnerable and have no patch; users on those branches should upgrade to a major version with a fix or disable question caching as a workaround.
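The version ranges above can be turned into a triage check for deployed instances. This is an added example, not code from Metabase or from this page; the function names, status labels and sample inventory are constructed, and it assumes that major version 0 denotes the Open Source Edition and that branches after 1.53 include the fix.

```python
import re

# Fixed release per 1.x minor branch, taken from the summary above.
FIXED = {50: 36, 51: 14, 52: 11, 53: 2}
# Branches the summary lists as vulnerable with no patch available.
UNPATCHED = {47, 48, 49}

def triage(version: str) -> str:
    """Classify one Metabase version string against CVE-2025-27141.

    The result reflects the version only; it does not know whether
    question caching (the workaround) is disabled on the instance.
    """
    m = re.fullmatch(r"v?(\d+)\.(\d+)(?:\.(\d+))?(?:[-.+].*)?", version.strip())
    if not m:
        return "unknown"
    major, minor, patch = int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)
    if major == 0:
        return "not-affected"          # assumption: 0.x is the Open Source Edition
    if major != 1:
        return "unknown"
    if minor < 47:
        return "not-affected"          # predates 1.47.0
    if minor in UNPATCHED:
        return "affected-no-patch"     # upgrade branch or disable question caching
    if minor in FIXED:
        return "not-affected" if patch >= FIXED[minor] else "affected-patch-available"
    return "not-affected"              # assumption: branches after 1.53 carry the fix

def report(inventory: dict) -> dict:
    """Map each host to its triage status, keeping only hosts needing action."""
    statuses = {host: triage(ver) for host, ver in inventory.items()}
    return {h: s for h, s in statuses.items() if s != "not-affected"}

# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE = {
    "bi-prod": "v1.50.35",
    "bi-stage": "v1.53.2",
    "bi-legacy": "v1.48.9",
    "bi-oss": "v0.52.3",
    "bi-odd": "latest",
}

if __name__ == "__main__":
    for host, status in report(SAMPLE).items():
        print(f"{host}: {status}")
```
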
Affected Products
- Metabase
Affected Vendors
- Metabase