216.73.216.67

CVE-2025-54941

· Published 30/10/2025 10:15 · Modified 30/10/2025 20:15

Labels: CVE-2025-54941 2025-10-30CVE-2025-54941CWE-78[email protected]

Essential information

Published
30/10/2025 10:15
Modified
30/10/2025 20:15
Author
Creator
CVSS
4.6 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

CVSS metrics

Description

An example dag `example_dag_decorator` had non-validated parameter that allowed the UI user to redirect the example to a malicious server and execute code on worker. This however required that the example dags are enabled in production (not default) or the example dag code copied to build your own similar dag. If you used the `example_dag_decorator` please review it and apply the changes implemented in Airflow 3.0.5 accordingly.

NVD status

Status
Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
apache / airflow cpe:2.3:a:apache:airflow:3.0.5:*:*:*:*:*:*:*

References