CVE-2025-5198 is a medium-severity Cross-site Scripting (XSS) vulnerability identified in Red Hat Advanced Cluster Security 4, specifically versions 4.4.0 and 4.5.0. The flaw arises from improper neutralization of input during web page generation, allowing malicious script code to be injected into a limited subset of table cells within the product's user interface. The vulnerability is exploitable when an attacker includes malicious script code in the name of a Kubernetes "Role" object applied to a secured cluster. This Role object is a Kubernetes resource used to define permissions within the cluster. Exploitation requires that the attacker has access to the cluster or can leverage a compromised third-party product that interacts with the cluster. When the malicious Role object is rendered in the Stackrox interface, the embedded script executes in the context of the user's browser session, potentially leading to unauthorized actions such as session hijacking, data theft, or manipulation of the interface. The CVSS v3.1 base score is 5.0, reflecting a medium severity level, with the vector indicating network attack vector (AV:N), high attack complexity (AC:H), no privileges required (PR:N), user interaction required (UI:R), unchanged scope (S:U), and low impact on confidentiality, integrity, and availability (C:L/I:L/A:L). No known exploits are currently reported in the wild. This vulnerability highlights the risk of insufficient input sanitization in web interfaces that display Kubernetes resource metadata, which can be manipulated by attackers with cluster access or through compromised integrations.

For European organizations using Red Hat Advanced Cluster Security 4, this vulnerability poses a risk primarily to the confidentiality and integrity of cluster management sessions. Successful exploitation could allow attackers to execute arbitrary scripts in the context of administrators or users viewing the compromised Role object, potentially leading to credential theft, session hijacking, or unauthorized actions within the management console. Given that Kubernetes is widely adopted across European enterprises for container orchestration, and Red Hat Advanced Cluster Security is a prominent security solution in this space, the vulnerability could impact organizations relying on these tools to secure their cloud-native environments. The requirement for user interaction and cluster access limits the attack surface but does not eliminate risk, especially in environments where multiple users have cluster access or where third-party integrations might be compromised. The impact on availability is low, but the potential for lateral movement or privilege escalation through stolen credentials or session tokens could have broader security implications. Regulatory compliance frameworks in Europe, such as GDPR, may also be affected if exploitation leads to unauthorized access to personal data managed within Kubernetes workloads.

To mitigate this vulnerability, European organizations should: 1) Immediately upgrade Red Hat Advanced Cluster Security to a patched version once available, as no patch links are currently provided but should be prioritized upon release. 2) Implement strict input validation and sanitization policies for Kubernetes resource metadata, especially for Role object names, to prevent injection of malicious scripts. 3) Restrict cluster access to trusted users only and enforce strong authentication and authorization controls, minimizing the risk of malicious Role objects being created. 4) Monitor and audit Kubernetes Role objects and other metadata for suspicious or unexpected entries that could contain script code. 5) Employ Content Security Policy (CSP) headers and other browser-based mitigations to reduce the impact of potential XSS attacks in the management console. 6) Review and secure third-party integrations that interact with the Kubernetes cluster to prevent indirect compromise. 7) Educate administrators and users about the risk of interacting with untrusted or suspicious cluster resources and the importance of cautious behavior when accessing cluster management interfaces.