
CVE-2025-5198: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Severity: Medium
Tags: Vulnerability, CVE-2025-5198
Published: Tue May 27 2025 (05/27/2025, 20:51:34 UTC)
Source: CVE Database V5
Vendor/Project: Red Hat
Product: Red Hat Advanced Cluster Security 4

Description

A flaw was found in Stackrox, where it is vulnerable to Cross-site scripting (XSS) if the script code is included in a small subset of table cells. The only known potential exploit is if the script is included in the name of a Kubernetes “Role” object that is applied to a secured cluster. This object can be used by a user with access to the cluster or through a compromised third-party product.

AI-Powered Analysis

Last updated: 09/26/2025, 00:39:58 UTC

Technical Analysis

CVE-2025-5198 is a Cross-site Scripting (XSS) vulnerability in Red Hat Advanced Cluster Security 4, specifically versions 4.4.0 and 4.5.0. The flaw arises from improper neutralization of input during web page generation: script code embedded in a small subset of table cells is not correctly sanitized before the page is rendered. The vulnerability is exploitable when script code is included in the name of a Kubernetes Role object applied to a secured cluster. If such a Role object is created by an attacker with access to the cluster, or through a compromised third-party product, the XSS triggers when the object is viewed in the Stackrox web interface.

The vulnerability has a CVSS 3.1 base score of 5.0, a medium severity rating. The vector indicates a network attack vector (AV:N), high attack complexity (AC:H), no privileges required (PR:N), user interaction required (UI:R), and low impact on confidentiality, integrity, and availability (C:L/I:L/A:L). No exploits are currently known to be observed in the wild.

The vulnerability matters because Kubernetes Role objects define permissions within clusters, and their names are typically treated as trusted input. Successful exploitation could allow an attacker to execute arbitrary scripts in the context of the web interface user, potentially leading to session hijacking, unauthorized actions, or information disclosure within the management console of the cluster security product. It underlines the need for input validation and output encoding in web applications that manage Kubernetes security configurations.
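The root cause described above is a table cell that receives a Role name without output encoding. The following is an added example, not StackRox code, that contrasts the defective pattern (name concatenated straight into markup) with the corrected one (name entity-encoded before it reaches the cell). The `escapeHtml`, `renderRoleCell*` and `renderRoleTable` functions and the sample Role objects are constructed for this illustration.

```javascript
// Added example (not StackRox code): output-encoding a Kubernetes Role name
// before it is placed in an HTML table cell. All names and helper functions
// here are constructed for illustration.

// Minimal HTML entity encoder for text placed between tags or inside a
// quoted attribute. '&' is replaced first so later replacements are not
// double-encoded.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Defective pattern: the name is concatenated straight into markup, so any
// tag contained in the name becomes part of the DOM when the cell renders.
function renderRoleCellUnsafe(role) {
  return `<td>${role.metadata.name}</td>`;
}

// Corrected pattern: the name is entity-encoded, so the browser displays the
// raw characters as text and never parses them as markup.
function renderRoleCellSafe(role) {
  return `<td>${escapeHtml(role.metadata.name)}</td>`;
}

// Render a whole table of Role objects using the safe cell renderer for every
// value that originates from the cluster (name and namespace alike).
function renderRoleTable(roles) {
  const rows = roles.map(
    (r) => `<tr>${renderRoleCellSafe(r)}<td>${escapeHtml(r.metadata.namespace)}</td></tr>`
  );
  return `<table><tr><th>Name</th><th>Namespace</th></tr>${rows.join('')}</table>`;
}

// Constructed sample: one ordinary Role and one whose name carries markup, the
// situation the advisory describes.
const sampleRoles = [
  { metadata: { name: 'pod-reader', namespace: 'default' } },
  { metadata: { name: 'reader<script>alert(1)</script>', namespace: 'dev' } },
];

console.log('unsafe :', renderRoleCellUnsafe(sampleRoles[1]));
console.log('safe   :', renderRoleCellSafe(sampleRoles[1]));
console.log(renderRoleTable(sampleRoles));
```

The same rule applies regardless of framework: any value that came from a cluster object is untrusted at render time, and encoding has to happen at the point where it is written into markup, not somewhere upstream where the context (text node, attribute, URL) is unknown.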

Potential Impact

For European organizations using Red Hat Advanced Cluster Security 4, this vulnerability poses a moderate risk. The XSS flaw could be leveraged by attackers to execute malicious scripts in the context of administrators or security personnel accessing the Stackrox interface, potentially leading to session theft, privilege escalation, or unauthorized cluster configuration changes. Given that Kubernetes is widely adopted across European enterprises for container orchestration, and Red Hat's security product is used to manage cluster security, exploitation could undermine the integrity of security monitoring and enforcement. This could result in compromised cluster security posture, data leakage, or disruption of containerized applications. The requirement for user interaction and high attack complexity somewhat limits the attack surface, but insider threats or compromised third-party integrations could facilitate exploitation. The impact on confidentiality, integrity, and availability, while low individually, combined with the critical nature of Kubernetes cluster security, makes this vulnerability a concern for organizations relying on these tools for regulatory compliance and operational security.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should promptly upgrade Red Hat Advanced Cluster Security to a patched version once available. In the interim, organizations should implement strict input validation and sanitization policies for Kubernetes Role object names, ensuring that no script code or potentially malicious characters are allowed. Restrict access to the cluster and the security management interface to trusted personnel only, and monitor for unusual Role object creation or modification activities. Employ Web Application Firewalls (WAFs) with rules to detect and block XSS payloads targeting the Stackrox interface. Additionally, enforce multi-factor authentication (MFA) for accessing the security console to reduce the risk of session hijacking. Regularly audit third-party integrations and plugins for potential compromise vectors that could inject malicious Role objects. Finally, educate administrators and users about the risks of interacting with untrusted inputs within the security management console.
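The recommendation above to validate Role object names and to monitor Role creation can be turned into a simple audit that a defender runs against existing cluster state. The block below is an added example, not a StackRox or Kubernetes tool: it takes a Kubernetes List-shaped document (the shape `kubectl get roles,clusterroles -A -o json` prints) and reports every object whose name contains a character that is significant in HTML. The `findSuspiciousRoleNames` and `auditRoleListJson` functions and the sample list are constructed; the remark that the API server validates RBAC names only as URL path segments is my understanding of Kubernetes, not something this advisory states.

```javascript
// Added example (not a StackRox or Kubernetes tool): flag RBAC objects whose
// names contain HTML-significant characters so they can be reviewed before
// any UI renders them. Input and sample data are constructed.

// Characters that carry meaning in HTML text or attribute context.
const HTML_SIGNIFICANT = /[<>"'&]/;

// Assumption about the API server: RBAC object names are validated as URL
// path segments, which leaves the characters above legal in a Role name, so
// the check has to live in an audit or admission policy rather than rely on
// Kubernetes itself to reject them.
function findSuspiciousRoleNames(list) {
  const findings = [];
  for (const item of list.items || []) {
    const name = item.metadata && item.metadata.name;
    if (typeof name !== 'string') continue;
    const match = HTML_SIGNIFICANT.exec(name);
    if (match) {
      findings.push({
        kind: item.kind,
        namespace: item.metadata.namespace || '(cluster-scoped)',
        name,
        firstBadChar: match[0],
        position: match.index,
      });
    }
  }
  return findings;
}

// Entry point for raw JSON text, as when kubectl output is piped in.
function auditRoleListJson(jsonText) {
  return findSuspiciousRoleNames(JSON.parse(jsonText));
}

// Constructed sample list: two ordinary objects and one whose name carries
// markup, the case the advisory describes.
const sampleList = {
  apiVersion: 'v1',
  kind: 'List',
  items: [
    { kind: 'Role', metadata: { name: 'pod-reader', namespace: 'default' } },
    { kind: 'ClusterRole', metadata: { name: 'view' } },
    { kind: 'Role', metadata: { name: 'reader<script>alert(1)</script>', namespace: 'dev' } },
  ],
};

for (const f of auditRoleListJson(JSON.stringify(sampleList))) {
  console.log(`${f.kind} ${f.namespace}/${f.name}: '${f.firstBadChar}' at offset ${f.position}`);
}
```

Run periodically, or on each audit-log event that creates or updates a Role, this gives the "monitor for unusual Role object creation" step a concrete trigger; the same predicate can be enforced up front in a validating admission policy so that such names never reach the cluster in the first place.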


Technical Details

Data Version: 5.1
Assigner Short Name: redhat
Date Reserved: 2025-05-26T11:35:17.968Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68362775182aa0cae225090f

Added to database: 5/27/2025, 8:58:29 PM

Last enriched: 9/26/2025, 12:39:58 AM

Last updated: 9/27/2025, 12:10:07 AM

